CN112569605A - Method and system for detecting android running in modifier environment - Google Patents
Method and system for detecting android running in modifier environment Download PDFInfo
- Publication number
- CN112569605A CN112569605A CN202011578751.3A CN202011578751A CN112569605A CN 112569605 A CN112569605 A CN 112569605A CN 202011578751 A CN202011578751 A CN 202011578751A CN 112569605 A CN112569605 A CN 112569605A
- Authority
- CN
- China
- Prior art keywords
- modifier
- manifest
- file
- apk
- english
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- A—HUMAN NECESSITIES
- A63—SPORTS; GAMES; AMUSEMENTS
- A63F—CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
- A63F13/00—Video games, i.e. games using an electronically generated display having two or more dimensions
- A63F13/70—Game security or game management aspects
- A63F13/73—Authorising game programs or game devices, e.g. checking authenticity
Abstract
The invention provides a method for detecting android running in a modifier environment, which comprises the following steps: step S1, starting an android game client, traversing and reading all apk installation list files under an android system "/data/app/package name/" directory, and reading all base.apk data under the "/data/app/package name/" directory; step S2, reading a MANIFEST.MF file in a signature folder META-INF directory in a base.apk file; step S3, comparing the read content of the manifest.mf file with the english name of the modifier or the abbreviated english icon information path information in the modifier, and if the manifest.mf file is traversed to have the abbreviated icon information with path including the english name or the english name of the modifier, the current game client is operated in the environment with the modifier, thereby protecting the security of the game client.
Description
Technical Field
The invention relates to the technical field of computer communication, in particular to a method and a system for detecting android running in a modifier environment.
Background
The rapid development of android mobile terminal games often attracts a large amount of auxiliary software which is specially used for a reverse game client to modify a game client and develop a game client to modify the game client during running. The game client side process comprises a game client side process, a game client side process and a game client side process, wherein the game client side process comprises a game client side process, a game client side process and a game client side process, and the game client side. Because the game client is injected by the modifiers to modify the memory data to achieve the effect of cheating in the game, the safety of the game client is greatly reduced, and meanwhile, the great influence is brought to the balance of the game. There is therefore a need to detect whether there are any game modifier packages installed on the market in the environment in which the game client is running. Since the modifier software on the market can also modify some random values for the information such as the self package name class name, the common method for detecting the modifiers of the installed package name class names cannot detect the common modifier software on the market, so that the detection of the android modifier is a process for solving the problem that the android modifier needs to be resisted for a long time.
Disclosure of Invention
In order to overcome the above problems, an object of the present invention is to provide a method for detecting whether an android runs in a modifier environment, which can accurately detect whether a game client runs in the modifier environment, and improve the security of the game client.
The invention is realized by adopting the following scheme: a method of detecting that an android is operating in a modifier environment, the method comprising the steps of:
step S1, starting an android game client, traversing and reading all apk installation list files under an android system "/data/app/package name/" directory, and reading all base.apk data under the "/data/app/package name/" directory;
step S2, reading a MANIFEST.MF file in a signature folder META-INF directory in a base.apk file;
step S3, comparing the read content of the manifest.mf file with the english name of the modifier or the abbreviated english icon information path information in the modifier, and if the manifest.mf file is traversed to have the abbreviated icon information with path including the english name or the english name of the modifier, the current game client is operated in the environment with the modifier.
Further, in step S1, the list information of all installed apk applications is traversed through getPackageManager (). getInstalledPackages (), where the list is the base.apk information of each installed application, and all base.apk data under/data/app/package name/directory is read from the list information of all installed apk applications.
Further, in step S2, reading content of a manual est.
Further, in step S3, a stream mode is used to traverse and compare whether there is icon information path information containing modifier english name or abbreviation english in the entire manual.mf file content through a buffer reader class of the android system itself, wherein, the whole MANIFEST.MF file content is traversed and compared by using a stream mode to determine whether the whole MANIFEST.MF file content contains modifier English names or English icon information path information with abbreviations in the modifiers, specifically, the data of META-INF/MANIFEST.MF in a base.apk packet directory is read by using a buffer reader class object by calling a buffer reader class of an android system, mf the contents of this file are all in the BufferedReader class object at this time, and reading line by line and comparing with the English name of the modifier or the characteristic with English abbreviation of the modifier in the modifier, and judging as the modifier as long as the comparison is carried out in the whole MANIFEST.
The invention also provides a system for detecting the android running in the modifier environment, which comprises a reading and installing package module, a MANIFEST.
The installation package reading module is used for starting a game client of an android, traversing and reading all apk installation list files under a "/data/app/package name/" directory of the android system, and reading all base.apk data under the "/data/app/package name/" directory;
the MANIFEST.MF file acquisition module is used for reading the MANIFEST.MF file in the base.apk file under the META-INF directory of the signature folder;
the comparison module is used for comparing the read content of the MANIFEST.MF file with the English name of the modifier or the English icon information path information with the abbreviation in the modifier, and the current game client operates in the environment with the modifier as long as the icon information with the path containing the English name or the abbreviation of the English name of the modifier is traversed in the MANIFEST.MF file.
Further, the read installation package module traverses the list information of all installed apk applications through getPackageManager (). getInstalledPackages (), the list is the base.apk information of each installed application, and reads all base.apk data under/data/app/package name/directory for the list information of all installed apk applications.
Furthermore, the MANIFEST.MF file acquisition module reads the MANIFEST.MF file content below the META-INF signature folder in the base.apk package through ZipFile class and getEntry function carried by the android system.
Furthermore, the comparison module uses a stream mode to traverse and compare whether the content of the whole MANIFEST.MF file contains modifier English names or icon information path information of English with abbreviations through a BufferReader class carried by the android system, wherein, the whole MANIFEST.MF file content is traversed and compared by using a stream mode to determine whether the whole MANIFEST.MF file content contains modifier English names or English icon information path information with abbreviations in the modifiers, specifically, the data of META-INF/MANIFEST.MF in a base.apk packet directory is read by using a buffer reader class object by calling a buffer reader class of an android system, mf the contents of this file are all in the BufferedReader class object at this time, and reading line by line and comparing with the English name of the modifier or the characteristic with English abbreviation of the modifier in the modifier, and judging as the modifier as long as the comparison is carried out in the whole MANIFEST.
The invention has the beneficial effects that: the method comprises the steps of obtaining information of all apk installation package list packages, reading all base.apk data under a/data/app/package name/directory for all the apk installation package list packages, and reading a MANIFEST.MF file under a signature folder META-INF directory in a base.apk file; comparing the read content of the MANIFEST.MF file with the English name of the modifier or the English icon information path information with abbreviation in the modifier, and if the icon information with path containing the English name of the modifier or the abbreviation in the English name is traversed in the MANIFEST.MF file, the current game client is operated in the environment with the modifier; whether the game client runs in the modifier environment or not can be accurately detected, and the safety of the game client is improved.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
FIG. 2 is a schematic flow chart of a method according to an embodiment of the present invention.
Fig. 3 is a schematic block diagram of the system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, a method for detecting that an android runs in a modifier environment according to the present invention includes the following steps:
step S1, starting an android game client, traversing and reading all apk installation list files under an android system "/data/app/package name/" directory, and reading all base.apk data under the "/data/app/package name/" directory;
step S2, reading a MANIFEST.MF file in a signature folder META-INF directory in a base.apk file;
step S3, comparing the read content of the manifest.mf file with the english name of the modifier or the abbreviated english icon information path information in the modifier, and if the manifest.mf file is traversed to have the abbreviated icon information with path including the english name or the english name of the modifier, the current game client is operated in the environment with the modifier.
The invention is further illustrated below with reference to a specific embodiment:
referring to fig. 2, a method for detecting whether an android runs in a modifier environment according to the present invention,
starting an android game client, traversing list information of all installed apks in the current android game client environment, reading and reading all base.apk data under read/data/app/package name/directory for the list information of all installed apk application programs, and acquiring all installed apk lists of the current client in the android environment: traversing all the information of the installation package list package (namely list information of all the installed apk applications, namely the base.apk information of all the installed applications under the current mobile phone or simulator environment, and the size of the list information needs to see how many applications are installed in the current mobile phone or simulator) through getPackageManager (). getpackages (), reading the file content under the META-INF folder in the base.apk one by one in the list at this time, and detecting the modifier information as long as the file content contains the English name base such as an eight-god modifier.
And reading the content of the MANIFEST.
Traversing and comparing whether the icon information with paths containing modifier English names or acronyms of the English names exists in the content of the whole MANIFEST.MF file in a streaming mode through BufferReader class carried by an android system (for example, if a gameguard Dian modifier exists, the icon information with paths containing acronyms of the English names is gameguard:/ic _ gg _48 dp.png; if an eight-door modifier exists, bamenlugin, and the icon information with paths containing acronyms of the English names is bamen:/ic _ gg _50 dp.png), and if the MANIFEST.MF file contains the modifier name information, the game client is described to be operated in a modifier environment, otherwise, the game client is described to be not operated in the modifier environment; the method comprises the steps of traversing and comparing whether the content of the whole MANIFEST.MF file contains modifier English names or English icon information path information with abbreviations in the modifier in a streaming mode, specifically, calling a buffer reader class of an android system to read the data of META-INF/MANIFEST.MF in a base.apk packet directory by using a buffer reader class object, reading the content of the MANIFEST.MF file in the buffer reader class object line by line and comparing the content with the English names of the modifier or the characteristics with the modifier English abbreviations in the modifier, and determining the modifier as long as the content of the whole MANIFEST.MF file is compared.
Referring to fig. 3, the present invention further provides a system for detecting that an android runs in a modifier environment, where the system includes a reading installation package module, a manifest.
The installation package reading module is used for starting a game client of an android, traversing and reading all apk installation list files under a "/data/app/package name/" directory of the android system, and reading all base.apk data under the "/data/app/package name/" directory;
the MANIFEST.MF file acquisition module is used for reading the MANIFEST.MF file in the base.apk file under the META-INF directory of the signature folder;
the comparison module is used for comparing the read content of the MANIFEST.MF file with the English name of the modifier or the English icon information path information with the abbreviation in the modifier, and the current game client operates in the environment with the modifier as long as the icon information with the path containing the English name or the abbreviation of the English name of the modifier is traversed in the MANIFEST.MF file.
The read install package module traverses list information of all installed apk applications through getPackageManager (). getlnstalledpackages () (namely, list information of all installed apk applications, the list is base.apk information of all installed applications under the current mobile phone or simulator environment, and the size of the list information needs to see how many applications are installed on the current mobile phone or simulator) the list is base.apk information of each installed application, and all base.apk data under/data/app/package name/directory are read from the list information of all installed apk applications. The above list is obtained by reading base.apk information of all applications installed in the mobile phone or simulator environment, and then reading specific information of contents in the base.apk. (mainly, through two traversals, the first traversals all the information of the installation list, then the specific information in the variable base. apk)
And reading the content of the MANIFEST.
In addition, the comparison module uses a stream mode to traverse and compare whether the content of the whole MANIFEST.MF file contains modifier English names or icon information path information of English with abbreviations through a buffer reader class carried by the android system, wherein, the whole MANIFEST.MF file content is traversed and compared by using a stream mode to determine whether the whole MANIFEST.MF file content contains modifier English names or English icon information path information with abbreviations in the modifiers, specifically, the data of META-INF/MANIFEST.MF in a base.apk packet directory is read by using a buffer reader class object by calling a buffer reader class of an android system, mf the contents of this file are all in the BufferedReader class object at this time, and reading line by line and comparing with the English name of the modifier or the characteristic with English abbreviation of the modifier in the modifier, and judging as the modifier as long as the comparison is carried out in the whole MANIFEST.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (8)
1. A method for detecting that an android runs in a modifier environment, the method is characterized by comprising the following steps: the method comprises the following steps:
step S1, starting an android game client, traversing and reading all apk installation list files under an android system "/data/app/package name/" directory, and reading all base.apk data under the "/data/app/package name/" directory;
step S2, reading a MANIFEST.MF file in a signature folder META-INF directory in a base.apk file;
step S3, comparing the read content of the manifest.mf file with the english name of the modifier or the abbreviated english icon information path information in the modifier, and if the manifest.mf file is traversed to have the abbreviated icon information with path including the english name or the english name of the modifier, the current game client is operated in the environment with the modifier.
2. The method of claim 1, wherein the method comprises the following steps: in step S1, list information of all installed apk applications is traversed through getPackageManager (). getlnstalledpackages (), where the list is base.apk information of each installed application, and all base.apk data under/data/app/package name/directory is read from the list information of all installed apk applications.
3. The method of claim 1, wherein the method comprises the following steps: in the step S2, the content of the manifest.mf file below the META-INF signature folder in the base.apk package is read through the ZipFile class and the getEntry function of the android system.
4. The method of claim 1, wherein the method comprises the following steps: in the step S3, through a buffer reader class carried by the android system, a stream mode is used to traverse and compare whether the content of the whole request message. The method comprises the steps of traversing and comparing whether the content of the whole MANIFEST.MF file contains modifier English names or English icon information path information with abbreviations in the modifier in a streaming mode, specifically, calling a buffer reader class of an android system to read the data of META-INF/MANIFEST.MF in a base.apk packet directory by using a buffer reader class object, reading the content of the MANIFEST.MF file in the buffer reader class object line by line and comparing the content with the English names of the modifier or the characteristics with the modifier English abbreviations in the modifier, and determining the modifier as long as the content of the whole MANIFEST.MF file is compared.
5. A system for detecting that an android is operating in a modifier environment, comprising: the system comprises a reading installation package module, a MANIFEST.MF file acquisition module and a comparison module;
the installation package reading module is used for starting a game client of an android, traversing and reading all apk installation list files under a "/data/app/package name/" directory of the android system, and reading all base.apk data under the "/data/app/package name/" directory;
the MANIFEST.MF file acquisition module is used for reading the MANIFEST.MF file in the base.apk file under the META-INF directory of the signature folder;
the comparison module is used for comparing the read content of the MANIFEST.MF file with the English name of the modifier or the English icon information path information with the abbreviation in the modifier, and the current game client operates in the environment with the modifier as long as the icon information with the path containing the English name or the abbreviation of the English name of the modifier is traversed in the MANIFEST.MF file.
6. The system of claim 5, wherein the system is configured to detect whether the android runs in a modifier environment: and traversing the list information of all the installed apk applications in the read installation package module through getPackageManager (). getInstalledPackers (), wherein the list is the base.apk information of each installed application, and reading all the base.apk data under/data/app/package name/directory for the list information of all the installed apk applications.
7. The system of claim 5, wherein the system is configured to detect whether the android runs in a modifier environment: and reading the content of the MANIFEST.
8. The system of claim 5, wherein the system is configured to detect whether the android runs in a modifier environment: the comparison module uses a stream mode to traverse and compare whether the content of the whole MANIFEST.MF file contains modifier English names or icon information path information of English with abbreviations through buffer reader types carried by the android system, wherein, the whole MANIFEST.MF file content is traversed and compared by using a stream mode to determine whether the whole MANIFEST.MF file content contains modifier English names or English icon information path information with abbreviations in the modifiers, specifically, the data of META-INF/MANIFEST.MF in a base.apk packet directory is read by using a buffer reader class object by calling a buffer reader class of an android system, mf the contents of this file are all in the BufferedReader class object at this time, and reading line by line and comparing with the English name of the modifier or the characteristic with English abbreviation of the modifier in the modifier, and judging as the modifier as long as the comparison is carried out in the whole MANIFEST.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011578751.3A CN112569605A (en) | 2020-12-28 | 2020-12-28 | Method and system for detecting android running in modifier environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011578751.3A CN112569605A (en) | 2020-12-28 | 2020-12-28 | Method and system for detecting android running in modifier environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112569605A true CN112569605A (en) | 2021-03-30 |
Family
ID=75140212
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011578751.3A Pending CN112569605A (en) | 2020-12-28 | 2020-12-28 | Method and system for detecting android running in modifier environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112569605A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113509733A (en) * | 2021-04-20 | 2021-10-19 | 福建省天奕网络科技有限公司 | Method and system for detecting android game client running in cloud mobile phone environment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102158367A (en) * | 2010-12-17 | 2011-08-17 | 中国科学技术大学苏州研究院 | Active anti-plug-in online game system and anti-plug-in method thereof |
CN102176224A (en) * | 2005-06-30 | 2011-09-07 | 普瑞维克斯有限公司 | Methods and apparatus for dealing with malware |
CN102831338A (en) * | 2012-06-28 | 2012-12-19 | 北京奇虎科技有限公司 | Security detection method and system of Android application program |
CN104462971A (en) * | 2014-12-17 | 2015-03-25 | 北京奇虎科技有限公司 | Malicious application program recognition method and device according to application program declaration characteristics |
US20160021132A1 (en) * | 2014-07-16 | 2016-01-21 | Tangentix Limited | Method and Apparatus for Providing Content Protection in a Computer System |
CN105677318A (en) * | 2015-12-28 | 2016-06-15 | 心动网络股份有限公司 | Method for preventing game from being modified by memory modifier |
CN107203721A (en) * | 2017-03-01 | 2017-09-26 | 广西发发科技有限公司 | A kind of anti-cheating system of current game |
-
2020
- 2020-12-28 CN CN202011578751.3A patent/CN112569605A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102176224A (en) * | 2005-06-30 | 2011-09-07 | 普瑞维克斯有限公司 | Methods and apparatus for dealing with malware |
CN102158367A (en) * | 2010-12-17 | 2011-08-17 | 中国科学技术大学苏州研究院 | Active anti-plug-in online game system and anti-plug-in method thereof |
CN102831338A (en) * | 2012-06-28 | 2012-12-19 | 北京奇虎科技有限公司 | Security detection method and system of Android application program |
US20160021132A1 (en) * | 2014-07-16 | 2016-01-21 | Tangentix Limited | Method and Apparatus for Providing Content Protection in a Computer System |
CN104462971A (en) * | 2014-12-17 | 2015-03-25 | 北京奇虎科技有限公司 | Malicious application program recognition method and device according to application program declaration characteristics |
CN105677318A (en) * | 2015-12-28 | 2016-06-15 | 心动网络股份有限公司 | Method for preventing game from being modified by memory modifier |
CN107203721A (en) * | 2017-03-01 | 2017-09-26 | 广西发发科技有限公司 | A kind of anti-cheating system of current game |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113509733A (en) * | 2021-04-20 | 2021-10-19 | 福建省天奕网络科技有限公司 | Method and system for detecting android game client running in cloud mobile phone environment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109144665B (en) | Simulator identification method, simulator identification equipment and computer readable medium | |
CN106648835B (en) | Method and system for detecting running of Android application program in Android simulator | |
US20130117855A1 (en) | Apparatus for automatically inspecting security of applications and method thereof | |
US20070250906A1 (en) | Mobile Communication Terminal and Data Access Control Method | |
CN109145590B (en) | Function hook detection method, detection equipment and computer readable medium | |
CN103778373A (en) | Virus detection method and device | |
US20110219454A1 (en) | Methods of identifying activex control distribution site, detecting security vulnerability in activex control and immunizing the same | |
KR20110128632A (en) | Method and device for detecting malicious action of application program for smartphone | |
CN108197476B (en) | Vulnerability detection method and device for intelligent terminal equipment | |
CN111027054A (en) | Method and system for judging running of application program in multi-open environment based on android system | |
CN108733385B (en) | Application program installation method, device, equipment and storage medium | |
CN112569605A (en) | Method and system for detecting android running in modifier environment | |
WO2022199292A1 (en) | Detection of malicious behavior of applet | |
JP4587976B2 (en) | Application vulnerability inspection method and apparatus | |
CN108196975B (en) | Data verification method and device based on multiple checksums and storage medium | |
CN104021074A (en) | Vulnerability detection method and device for application program of PhoneGap framework | |
CN111460448B (en) | Malicious software family detection method and device | |
CN111563260B (en) | Android application program-oriented Web injection code execution vulnerability detection method and system | |
CN110427758B (en) | Position spoofing detection method, intelligent terminal and storage medium | |
CN111027072B (en) | Kernel Rootkit detection method and device based on elf binary standard analysis under Linux | |
CN106713446A (en) | Relocation method and device, server and mobile terminal | |
CN115757092A (en) | Application software compatibility detection method based on binary file symbol table | |
CN113342660A (en) | File testing method, device, system, electronic equipment and readable storage medium | |
JP4898823B2 (en) | Application information alteration monitoring device and method | |
CN112541182B (en) | Kernel VFS layer system repairing method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |