CN113886892B - Application program data acquisition method and device, storage medium and electronic equipment - Google Patents

Application program data acquisition method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN113886892B
CN113886892B CN202111010699.6A CN202111010699A CN113886892B CN 113886892 B CN113886892 B CN 113886892B CN 202111010699 A CN202111010699 A CN 202111010699A CN 113886892 B CN113886892 B CN 113886892B
Authority
CN
China
Prior art keywords
request
client certificate
parameter
application program
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111010699.6A
Other languages
Chinese (zh)
Other versions
CN113886892A (en
Inventor
李勃旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yancheng Tianyanchawei Technology Co ltd
Original Assignee
Yancheng Tianyanchawei Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yancheng Tianyanchawei Technology Co ltd filed Critical Yancheng Tianyanchawei Technology Co ltd
Priority to CN202111010699.6A priority Critical patent/CN113886892B/en
Publication of CN113886892A publication Critical patent/CN113886892A/en
Application granted granted Critical
Publication of CN113886892B publication Critical patent/CN113886892B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The invention discloses a data acquisition method and device of an application program, a storage medium and electronic equipment, wherein the method comprises the following steps: grabbing a network request; when the client certificate needs to be carried according to the network request, determining the client certificate corresponding to the application program and a secret key corresponding to the client certificate; carrying out parameter analysis on the grabbed network request and determining the type of the request parameter; and performing simulation construction of a first network request according to the request parameter type, the client certificate and the secret key corresponding to the client certificate so as to acquire return data according to the first network request. The invention can send the request under the condition of ensuring the normal operation of the application program, and efficiently obtain the data of the application program, so that the flow is simplified, the original request is directly obtained, the complexity and complexity of directly cracking the encryption algorithm of the application program are reduced, and the effect of obtaining the data is achieved.

Description

Application program data acquisition method and device, storage medium and electronic equipment
Technical Field
The present invention relates to the field of computer information processing technology, and more particularly, to a data acquisition method and apparatus for an application program, and a storage medium and an electronic device.
Background
In some business scenarios, it is necessary to obtain public data of an application. In general, after the proxy is configured on the WiFi of the mobile phone, the client certificate issued by the packet grabbing tool is trusted, and all flow requests of the App for interaction with the outside can be obtained under normal conditions. However, some apps cannot use proxy software to perform packet capturing analysis, because the network interaction request is further encapsulated inside the App, and a client certificate needs to be carried when each network request is made, so when the packet capturing tool is used, the network request directly fails because the client certificate is not configured, and an error status code is returned to indicate that the required protocol client certificate is not sent, so that how the App interacts with the server cannot be analyzed, and the construction request cannot be realized, so that the public data of the App cannot be obtained.
Some existing methods can acquire part of the public data of the App by operating the click application using an analog human hand. However, in the method, the encryption request between the App and the server is required to be intercepted first, the packet capturing analysis data can be carried out when the hand clicking is simulated, and the packet capturing tool cannot be used for capturing the packet directly, so that the reverse analysis can be carried out only by cracking the encryption algorithm, the method is complex and difficult, and the method is difficult to succeed.
Disclosure of Invention
The embodiment of the invention provides a data acquisition method and device for an application program, which are used for solving the problem of how to acquire the public data of the application program rapidly and efficiently.
In order to solve the above-mentioned problems, according to an aspect of the embodiments of the present invention, there is provided a data acquisition method of an application program, the method including:
grabbing a network request;
when the client certificate needs to be carried according to the network request, determining the client certificate corresponding to the application program and a secret key corresponding to the client certificate;
carrying out parameter analysis on the grabbed network request and determining the type of the request parameter;
and performing simulation construction of a first network request according to the request parameter type, the client certificate and the secret key corresponding to the client certificate so as to acquire return data according to the first network request.
Preferably, wherein the method further comprises:
analyzing the captured network request, and determining whether the application program sends the network request to carry the client certificate according to the returned data corresponding to the captured network request.
Preferably, the determining the client certificate corresponding to the application program and the key corresponding to the client certificate includes:
Decompilation analysis is carried out on the application program sending the network request, and decompilation files of the application program are obtained;
and determining a client certificate corresponding to the application program and a key corresponding to the client certificate according to the decompiled file.
Preferably, wherein the method further comprises:
and when decompilation analysis is carried out on the application program, determining that the application program is reinforced, unshelling the application program, and carrying out decompilation analysis on the unshelling file to obtain the decompiled file of the application program.
Preferably, the determining, according to the decompiled file, a client certificate corresponding to the application program and a key corresponding to the client certificate includes:
analyzing the decompiled file to determine a key function related to the client certificate;
determining a reference file in the key function, and determining a client certificate corresponding to the application program according to the reference file;
and performing global search according to the client certificate corresponding to the application program and a preset keyword, and determining a key corresponding to the client certificate.
Preferably, the determining the client certificate corresponding to the application program according to the reference file includes:
and for any reference file, configuring the any reference file on a bale plucking tool, and determining the any reference file as a client certificate corresponding to the application program when the correct return data corresponding to the grabbed network request is acquired.
Preferably, the parameter analysis of the grabbed network request, determining the request parameter type, includes:
and carrying out parameter analysis on the grabbed network request according to a preset parameter type analysis script so as to determine the request parameter type.
Preferably, the parameter analysis of the grabbed network request, determining the request parameter type, includes:
and for any request parameter, determining a request result corresponding to the network request grabbed after deleting the any request parameter, and determining the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter.
Preferably, the determining the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter includes:
If the request result corresponding to the grabbed network request indicates that the request is successful after deleting any request parameter, determining that any request parameter type is an unnecessary parameter;
if the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value capable of determining meaning, determining that the type of any request parameter is a first necessary parameter;
if the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value with a meaning which cannot be determined, determining that any request parameter type is an encryption parameter.
Preferably, the method further comprises:
when the request parameter type of any request parameter is determined to be an encryption parameter, positioning is performed by searching a keyword of any request parameter based on stack information of the grabbed network request and a decompilation file corresponding to the application program so as to determine the position of an encryption code, and code logic analysis is performed according to the determined position of the encryption code so as to determine encryption logic corresponding to any request parameter.
Preferably, the simulating construction of the first network request according to the request parameter type, the client certificate and the key corresponding to the client certificate includes:
and carrying out simulation construction of the first network request according to the request parameter with the request parameter type being the necessary parameter, the request parameter with the parameter type being the encryption parameter and/or the encryption logic with the parameter type being the request parameter of the encryption parameter, the client certificate and the secret key corresponding to the client certificate.
Preferably, wherein the method further comprises:
a terminal device proxy and a bundle tool are configured, and a client certificate corresponding to the application program and a key corresponding to the client certificate are configured in the bundle tool, so that the client certificate corresponding to the application program and the key corresponding to the client certificate are carried when the first network request is sent to a server.
Preferably, wherein the method further comprises:
the client certificate is converted to a plaintext client certificate using a key corresponding to the client certificate such that the first network request carries the plaintext client certificate.
According to another aspect of an embodiment of the present invention, there is provided a data acquisition apparatus for an application program, the apparatus including:
The network request grabbing module is used for grabbing network requests;
the certificate and key determining module is used for determining a client certificate corresponding to an application program and a key corresponding to the client certificate when the client certificate needs to be carried according to the network request of the crawling;
the request parameter type determining module is used for carrying out parameter analysis on the grabbed network request and determining the request parameter type;
and the data acquisition module is used for carrying out simulation construction of a first network request according to the request parameter type, the client certificate and the secret key corresponding to the client certificate so as to acquire return data according to the first network request.
According to a further aspect of embodiments of the present invention, there is provided a computer readable storage medium storing a computer program for performing the method according to any one of the above embodiments of the present invention.
According to still another aspect of an embodiment of the present invention, there is provided an electronic apparatus including: a processor and a memory; wherein,
the memory is used for storing the processor executable instructions;
the processor is configured to read the executable instructions from the memory and execute the instructions to implement the method according to any of the foregoing embodiments of the present invention.
According to a further aspect of embodiments of the present invention, there is provided a computer program comprising computer readable code which, when run on a device, causes a processor in the device to perform a method for implementing any of the embodiments of the present invention as described above.
The invention provides a data acquisition method and device of an application program, a storage medium and electronic equipment, wherein the method comprises the following steps: grabbing a network request; when the client certificate needs to be carried according to the network request, determining the client certificate corresponding to the application program and a secret key corresponding to the client certificate; carrying out parameter analysis on the grabbed network request and determining the type of the request parameter; and performing simulation construction of a first network request according to the request parameter type, the client certificate and the secret key corresponding to the client certificate so as to acquire return data according to the first network request. The method of the embodiment of the invention can obtain the encryption parameters in a multithreading and concurrency way under the condition of not cracking the application program by determining the client certificate of the application program, and can send the normal network request under the condition of ensuring the normal operation of the application program, thereby efficiently obtaining the public data of the application program, simplifying the flow on one hand, directly obtaining the most original request, reducing the complexity and complexity of directly cracking the encryption algorithm of the application program on the other hand, and achieving the effect of obtaining the data.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
Exemplary embodiments of the present invention may be more completely understood in consideration of the following drawings:
FIG. 1 is a flowchart of a method 100 for data acquisition of an application program according to an exemplary embodiment of the present invention;
FIG. 2 is a flowchart of a method 200 for data acquisition of an application program according to an exemplary embodiment of the present invention;
fig. 3 is a schematic structural diagram of a data acquisition device 300 of an application program according to an exemplary embodiment of the present invention;
fig. 4 is a block diagram of an electronic device according to an exemplary embodiment of the present invention.
Detailed Description
Hereinafter, exemplary embodiments according to the present invention will be described in detail with reference to the accompanying drawings. It should be apparent that the described embodiments are only some embodiments of the present invention and not all embodiments of the present invention, and it should be understood that the present invention is not limited by the example embodiments described herein.
It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless it is specifically stated otherwise.
It will be appreciated by those of skill in the art that the terms "first," "second," etc. in embodiments of the present invention are used merely to distinguish between different steps, devices or modules, etc., and do not represent any particular technical meaning nor necessarily logical order between them.
It should also be understood that in embodiments of the present invention, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in an embodiment of the invention may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in the present invention is merely an association relationship describing the association object, and indicates that three relationships may exist, for example, a and/or B may indicate: a exists alone, A and B exist together, and B exists alone. In the present invention, the character "/" generally indicates that the front and rear related objects are an or relationship.
It should also be understood that the description of the embodiments of the present invention emphasizes the differences between the embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, the techniques, methods, and apparatus should be considered part of the specification.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Embodiments of the invention are operational with numerous other general purpose or special purpose computing system environments or configurations with electronic devices, such as terminal devices, computer systems, servers, etc. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with the terminal device, computer system, server, or other electronic device include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
Exemplary method
Fig. 1 is a flowchart of a method for acquiring application public data according to an exemplary embodiment of the present invention. The embodiment can be applied to an electronic device, as shown in fig. 1, and includes the following steps:
step 101, grabbing a network request.
Preferably, wherein the method further comprises:
analyzing the captured network request, and determining whether the application program sends the network request to carry the client certificate according to the returned data corresponding to the captured network request.
In the embodiment of the invention, firstly, a packet capturing tool is utilized to capture network requests (network requests such as https, http and tcp) sent to a server side by an application program, then the captured requests are analyzed, and whether the application program needs to carry a client certificate or not when sending the network requests is determined according to return data corresponding to the captured network requests. After analyzing the network request, if the return data, such as a message indicating that the client certificate needs to be carried, is "the client certificate needs to be carried", the client certificate needs to be carried is determined. At this time, the client certificate needs to be acquired to enable construction of the network request, thereby acquiring the public data.
And 102, when the client certificate needs to be carried according to the network request, determining the client certificate corresponding to the application program and the key corresponding to the client certificate.
Preferably, the determining the client certificate corresponding to the application program and the key corresponding to the client certificate includes:
decompilation analysis is carried out on the application program sending the network request, and decompilation files of the application program are obtained;
And determining a client certificate corresponding to the application program and a key corresponding to the client certificate according to the decompiled file.
In the embodiment of the invention, when the client certificate needs to be carried according to the captured network request, decompiling analysis is firstly carried out on an apk file of an application program to obtain the decompiled file of the application program; and then determining a client certificate corresponding to the application program and a key corresponding to the client certificate according to the decompiled file. Specifically, decompilation analysis is performed on an APK file of an application program to obtain a dex file (the dex file is a file in an Android system, is a special data format and is similar to APK, jar and other format files), and then decompilation is performed on a target dex file by using an open source decompilation tool Jadx-GUI to obtain and store the decompilation file (namely, a source code file of the application program); then, a client certificate corresponding to the application program and a key corresponding to the client certificate are determined according to the decompiled file.
Preferably, wherein the method further comprises:
and when decompilation analysis is carried out on the application program, determining that the application program is reinforced, unshelling the application program, and carrying out decompilation analysis on the unshelling file to obtain the decompiled file of the application program.
In some alternative embodiments, for an application, when decompiling analysis is performed, if the number of decompiled files is found to be much smaller than the number of decompiled files of an application that is not shelled, and when the viewing is opened in turn, the content is found to be the code of a third party package, it may be determined that the application is shelled (hardened). In addition, the existing shell checking tool can be used for inquiring to determine whether the application program is shelled.
Application shell (reinforcement) generally belongs to software encryption, and application shell refers to embedding a section of code into a binary application program to encrypt, hide and confuse an original binary original text. The shell adding is a method for applying encryption, and after the shell adding is applied, the control right of a program can be preferentially obtained in the running process, and some additional safety work is performed. The cased program can effectively prevent disassembly analysis of the program, and the technology is also commonly used for protecting software copyright and preventing the software from being cracked. Popular explanation and shell addition can effectively prevent programs from being cracked and being plagued caused by implantation of malicious codes, and protect privacy information and data leakage of users. The unshelling process refers to obtaining the running source code of the application program in a certain mode, so that the application program is obtained to the running logic, and the required content can be obtained through analysis.
When the application program is reinforced, the application program needs to be unshelling, and decompilation analysis is performed on the unshelling file to obtain the decompiled file of the application program. In an embodiment of the present invention, the application program may be dehulled in the following manner, including: firstly, preparing an android 6.0.1 mobile phone with root authority, then installing and opening a unshelling tool FDex2 software on the mobile phone, wherein the software can detect an application program which is installed on the mobile phone, the FDex2 tool unshelling a source file of a target application program when clicking the target application program, then opening the target application program, and after loading the target application program, the FDex2 can put a unshelling generated dex file into a designated directory, and the unshelling is successful. Then, the decompiled file (namely, the source code file of the application program) can be obtained by transmitting the decompiled file in the specified directory to a computer through a transmitting tool ADB (android debug bridge) and decompiling the target decompiled file by using an open source decompiling tool Jadx-GUI.
Preferably, the determining, according to the decompiled file, a client certificate corresponding to the application program and a key corresponding to the client certificate includes:
Analyzing the decompiled file to determine a key function related to the client certificate;
determining a reference file in the key function, and determining a client certificate corresponding to the application program according to the reference file;
and performing global search according to the client certificate corresponding to the application program and a preset keyword, and determining a key corresponding to the client certificate.
In the embodiment of the invention, an editing tool is used for opening a decompiled file, a reference file of a key function is determined by analyzing the key function related to the source code, and a static client certificate is obtained from the decompiled aset file according to the reference file, wherein the suffix name of the client certificate is generally.p12. After the client certificate static file is obtained, the key of the client certificate needs to be obtained. In general, the key is stored separately from the static file, and the key exists in the code, so that the correct key can be found by globally searching the code for a word pattern of a general indication password, such as "password", "pwd", and the like. For example, the password= "123456" appears in the code somewhere, and the processing of the certificate, and the reference to the certificate, is found in the context of the source file code of the application, then it can be determined that the key of the certificate is "123456".
Preferably, the determining the client certificate corresponding to the application program according to the reference file includes:
and for any reference file, configuring the any reference file on a bale plucking tool, and determining the any reference file as a client certificate corresponding to the application program when the correct return data corresponding to the grabbed network request is acquired.
In the embodiment of the invention, since there may be a plurality of key functions related to the client certificate in the source code of the application program, when the plurality of key functions are analyzed, a plurality of reference files are obtained, and since it is uncertain which reference file is the client certificate, the construction of the second network request is needed, and the client certificate is determined according to the return value.
Specifically, for any reference file, configuring the any reference file on a packet capturing tool, and when the correct return data corresponding to the captured network request is acquired, determining that the any reference file is a client certificate corresponding to the application program.
For example, when the functions SSLContent, keyStore, cert for certificate processing are found to appear through global searching, the logic of the functions is searched to determine the position where the certificate reference appears, and then the reference file is configured on the packet capturing tool according to the determined reference file, if the correct return data corresponding to the captured network request can be obtained, the reference file is determined to be the client certificate. If a static file, such as R.drapable.Certification, is referenced, the corresponding resource file must be a certificate file.
Preferably, wherein the method further comprises:
a terminal device proxy and a bundle tool are configured, and a client certificate corresponding to the application program and a key corresponding to the client certificate are configured in the bundle tool, so that the client certificate corresponding to the application program and the key corresponding to the client certificate are carried when the first network request is sent to a server.
In the embodiment of the invention, after the client certificate and the key are determined, a terminal equipment (mobile phone) proxy and a packet capturing tool Charles can be configured, the client certificate corresponding to the application program and the key corresponding to the client certificate are configured in SSL Setting of the packet capturing tool Charles, then the application program can carry the client certificate when interacting with a server, through Setting the client certificate of trust Charles in the mobile phone, the Https flow passing through the intermediate proxy Charles can be decrypted, and the constructed first network request can also carry the client certificate corresponding to the application program and the key corresponding to the client certificate when being sent to the server.
And 103, carrying out parameter analysis on the grabbed network request, and determining the request parameter type.
Preferably, the parameter analysis of the network request to be grabbed, determining a request parameter type, includes:
and carrying out parameter analysis on the grabbed network request according to a preset parameter type analysis script so as to determine the request parameter type.
Preferably, the parameter analysis of the network request to be grabbed, determining a request parameter type, includes:
and for any request parameter, determining a request result corresponding to the network request grabbed after deleting the any request parameter, and determining the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter.
Preferably, the determining the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter includes:
if the request result corresponding to the grabbed network request indicates that the request is successful after deleting any request parameter, determining that any request parameter type is an unnecessary parameter;
if the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value capable of determining meaning, determining that the type of any request parameter is a first necessary parameter;
If the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value with a meaning which cannot be determined, determining that any request parameter type is an encryption parameter.
Preferably, the method further comprises:
when the request parameter type of any request parameter is determined to be an encryption parameter, positioning is performed by searching a keyword of any request parameter based on stack information of the grabbed network request and a decompilation file corresponding to the application program so as to determine the position of an encryption code, and code logic analysis is performed according to the determined position of the encryption code so as to determine encryption logic corresponding to any request parameter.
In the embodiment of the invention, parameter analysis is carried out on the grabbed network request, wherein some parameters are necessary parameters, such as commodity search words including Beijing, tianjin and the like; some parameters are unnecessary parameters such as system version, wiFi, etc.; some parameters are encryption parameters, and if the parameters are missing, the network request cannot be communicated. Thus, the present invention determines the request parameter type for each request parameter by a controlled variable method for use in the analog construction of subsequent network requests.
Specifically, the invention firstly determines the name of each request parameter in the network request which is grabbed, then, for any request parameter, determines the request result corresponding to the network request which is grabbed after deleting any request parameter, and determines the request parameter type of any request parameter according to the request result corresponding to the network request which is grabbed after deleting any request parameter. And when the request parameter type of the request parameter is an encryption parameter, locating by searching a keyword of the request parameter based on all stack information of the grabbed network request and the decompiled file corresponding to the application program so as to determine encryption logic corresponding to the request parameter.
For example, for request parameters a, b, c (assuming parameter names), each request parameter is traversed in order to determine the request parameter type. If the request parameter a is removed from the network request, if the request result corresponding to the network request still indicates that the request is successful after the deletion of the request parameter a is found, the request parameter type of the request parameter a is primarily determined to be an unnecessary parameter. If the request parameter b is removed, the request result is found to be likely to request failure and the value corresponding to the request parameter b is checked, and if the value is a readable value, the specific meaning of the parameter can be guessed: such as page=1, keyword=beijing, etc., representing parameters that need to be changed to obtain the desired result when a subsequent simulation request is made. If the request result indicates that the request fails after deleting the request parameter b, and the value corresponding to the request parameter b is a character string with an undetermined meaning, determining the request parameter type of the request parameter b as an encryption parameter. For example, the request parameter sign=c4ca 4238a0b923820dcc509a6f75849b, and the request parameter type is preliminarily determined as the encryption parameter.
Since the encryption parameters generally consist of necessary parameters through a specific encryption algorithm, the App end sends the request to the server through the network, the server operates through the same encryption algorithm, and if the obtained result is consistent with the result of the encryption parameters submitted by the App, the request is regarded as a legal request, and the data can be obtained, so that encryption logic for determining the encryption parameters is also needed.
In the invention, script Hook encryption parameters are written by using JavaScript. The method analyzes the meaning of specific functions step by step through the functions passing through the function call stack, combines the source code analysis reversely compiled by the jadx, and quickly locates the generation logic of the encryption parameters by searching the key of the encryption parameters. Finally, according to the determined request parameters with the request parameter type as the necessary parameters, the request parameters with the parameter type as the encryption parameters and/or the encryption logic with the request parameters with the parameter type as the encryption parameters, the simulation construction is carried out to generate the modified network request. In addition, since some encryption logic is very complex and exists in Native functions (functions calling c++ library), at this time, the encryption algorithm may not be completely restored, so that a calling place and a calling entry need to be found, then the same parameters are transferred by using the Frida Hook encryption function, the function is executed to obtain encrypted data, and a network request is directly constructed according to the necessary parameters and the encrypted data, so as to generate a modified network request.
For example, requesting information about Beijing, assuming that there are only two parameters, one of which is a necessary parameter and the other is an encryption parameter, we need to use the necessary parameters therein such as: the keyword is changed into Beijing, then the keyword=Beijing mobile phone application program is called by the Frida Hook function to encrypt, and the encrypted character string is obtained as follows: b118330bf6d5094d8f1f742713d242e7 now has two parameters keyword=beijing and sign=b 118330bf6d5094d8f1f742713d242e7, then submits the network request, the web address is obtained by S203 analysis, the request header is also obtained by S203, and is typically a fixed key value pair, thus sending the request to the server through the web address, the request header and the request parameters (request body), and finally obtaining the correct return result of the server.
And 104, performing simulation construction of a first network request according to the request parameter type, the client certificate and the secret key corresponding to the client certificate so as to acquire return data according to the first network request.
Preferably, the simulating construction of the first network request according to the request parameter type, the client certificate and the key corresponding to the client certificate includes:
And carrying out simulation construction of the first network request according to the request parameter with the request parameter type being the necessary parameter, the request parameter with the parameter type being the encryption parameter and/or the encryption logic with the parameter type being the request parameter of the encryption parameter, the client certificate and the secret key corresponding to the client certificate.
Preferably, wherein the method further comprises:
the client certificate is converted to a plaintext client certificate using a key corresponding to the client certificate such that the first network request carries the plaintext client certificate.
Because the client certificates obtained from the Apk static resource are all client certificates in the.p12 format, in the embodiment of the invention, the client certificates are also required to be converted into plaintext client certificates in the pep format by using an openssl command in cooperation with a client certificate key, so as to be carried by a program, and the conversion command is "" openssl pkcs12-in authentication.p12-out authentication.pep-nodes ".
In the embodiment of the invention, the acquired return data is the public data returned to the application program. After the client certificate, the secret key and the parameter analysis result are obtained, the first network request can be constructed, and the client certificate is carried when the request is made. By writing the Python program, writing the request program to carry the client certificate and the encryption parameter, the large-scale request can be carried out to acquire the data, so that the flow is simplified, the original request is directly acquired, the complexity and complexity of directly cracking the encryption algorithm of the application program are reduced, and the effect of acquiring the data is achieved.
For example, after the request is constructed, the constructed request is sent to the server, the server determines that the request carries the client certificate after receiving the request, the server verifies the correctness of the certificate, and if the client certificate is confirmed to be correct, the data is returned through verification.
Fig. 2 is a flowchart of a data acquisition method 200 of an application program according to an exemplary embodiment of the present invention. As shown in fig. 2, the data acquisition method of the application program includes:
step 201, capturing a network request, and determining whether the application program sends the network request to carry a client certificate according to return data corresponding to the captured network request;
step 202, when it is determined that the client certificate needs to be carried according to the network request, if the application program is reinforced, unshelling the application program, and decompiling analysis is performed on the unshelling file, so as to obtain a decompiled file of the application program;
step 203, determining a client certificate corresponding to the application program and a key corresponding to the client certificate according to the decompiled file;
step 204, configuring a terminal device proxy and a packet capturing tool, and configuring a client certificate corresponding to the application program and a key corresponding to the client certificate in the packet capturing tool;
Step 205, performing parameter analysis on the grabbed network request to determine the request parameter type;
step 206, converting the client certificate into a plaintext client certificate by using a key corresponding to the client certificate;
step 207, performing simulation construction of a first network request according to the request parameter type, the client certificate and the key corresponding to the client certificate, so as to obtain return data according to the first network request.
Exemplary apparatus
Fig. 3 is a schematic structural diagram of a data acquisition device 300 of an application program according to an exemplary embodiment of the present invention. As shown in fig. 3, the present embodiment includes:
the network request grabbing module 301 is configured to grab a network request.
And the certificate and key determining module 302 is configured to determine, when it is determined that the client certificate needs to be carried according to the network request, a client certificate corresponding to the application program and a key corresponding to the client certificate.
Preferably, the certificate and key determination module 302 further includes:
analyzing the captured network request, and determining whether the application program sends the network request to carry the client certificate according to the returned data corresponding to the captured network request.
Preferably, the certificate and key determining module 302 determines a client certificate corresponding to an application program and a key corresponding to the client certificate, including:
decompilation analysis is carried out on the application program sending the network request, and decompilation files of the application program are obtained;
and determining a client certificate corresponding to the application program and a key corresponding to the client certificate according to the decompiled file.
Preferably, the certificate and key determination module 302 further includes:
and when decompilation analysis is carried out on the application program, determining that the application program is reinforced, unshelling the application program, and carrying out decompilation analysis on the unshelling file to obtain the decompiled file of the application program.
Preferably, the certificate and key determining module 302 determines, according to the decompiled file, a client certificate corresponding to the application program and a key corresponding to the client certificate, including:
analyzing the decompiled file to determine a key function related to the client certificate;
determining a reference file in the key function, and determining a client certificate corresponding to the application program according to the reference file;
And performing global search according to the client certificate corresponding to the application program and a preset keyword, and determining a key corresponding to the client certificate.
Preferably, the certificate and key determining module 302 determines, according to the reference file, a client certificate corresponding to the application program, including:
and for any reference file, configuring the any reference file on a bale plucking tool, and determining the any reference file as a client certificate corresponding to the application program when the correct return data corresponding to the grabbed network request is acquired.
The request parameter type determining module 303 is configured to perform parameter analysis on the grabbed network request, and determine a request parameter type.
Preferably, the request parameter type determining module 303 performs parameter analysis on the grabbed network request to determine a request parameter type, including:
and carrying out parameter analysis on the grabbed network request according to a preset parameter type analysis script so as to determine the request parameter type.
Preferably, the request parameter type determining module 303 performs parameter analysis on the grabbed network request to determine a request parameter type, including:
And for any request parameter, determining a request result corresponding to the network request grabbed after deleting the any request parameter, and determining the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter.
Preferably, the request parameter type determining module 303 determines the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter, including:
if the request result corresponding to the grabbed network request indicates that the request is successful after deleting any request parameter, determining that any request parameter type is an unnecessary parameter;
if the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value capable of determining meaning, determining that the type of any request parameter is a first necessary parameter;
if the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value with a meaning which cannot be determined, determining that any request parameter type is an encryption parameter.
Preferably, the request parameter type determining module 303 further includes:
when the request parameter type of any request parameter is determined to be an encryption parameter, positioning is performed by searching a keyword of any request parameter based on stack information of the grabbed network request and a decompilation file corresponding to the application program so as to determine the position of an encryption code, and code logic analysis is performed according to the determined position of the encryption code so as to determine encryption logic corresponding to any request parameter.
The data obtaining module 304 is configured to perform a simulation construction of the first network request according to the request parameter type, the client certificate and the key corresponding to the client certificate, so as to obtain the return data according to the first network request.
Preferably, the data obtaining module 304 performs a simulation construction of the first network request according to the request parameter type, the client certificate and the key corresponding to the client certificate, and includes: and carrying out simulation construction of the first network request according to the request parameter with the request parameter type being the necessary parameter, the request parameter with the parameter type being the encryption parameter and/or the encryption logic with the parameter type being the request parameter of the encryption parameter, the client certificate and the secret key corresponding to the client certificate.
Preferably, wherein the apparatus further comprises: a configuration module, configured to configure a terminal device proxy and a packet capturing tool, and configure a client certificate corresponding to the application program and a key corresponding to the client certificate in the packet capturing tool, so that the client certificate corresponding to the application program and the key corresponding to the client certificate are carried when the first network request is sent to a server.
Preferably, wherein the apparatus further comprises: and the client certificate conversion module is used for converting the client certificate into a plaintext client certificate by utilizing a key corresponding to the client certificate, so that the first network request carries the plaintext client certificate.
The apparatus 300 for acquiring application public data according to the embodiment of the present invention corresponds to the method 100 for acquiring application public data according to another embodiment of the present invention, and is not described herein.
Exemplary electronic device
Fig. 4 is a structure of an electronic device provided in an exemplary embodiment of the present invention. The electronic device may be either or both of the first device and the second device, or a stand-alone device independent thereof, which may communicate with the first device and the second device to receive the acquired input signals therefrom. Fig. 4 illustrates a block diagram of an electronic device according to an embodiment of the disclosure. As shown in fig. 4, the electronic device 40 includes one or more processors 41 and memory 42.
The processor 41 may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions.
Memory 42 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random Access Memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read Only Memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on the computer readable storage medium that can be executed by the processor 41 to implement the method of information mining historical change records and/or other desired functions of the software program of the various embodiments of the present disclosure described above. In one example, the electronic device may further include: an input device 43 and an output device 44, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
In addition, the input device 43 may also include, for example, a keyboard, a mouse, and the like.
The output device 44 can output various information to the outside. The output device 44 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 4 for simplicity, components such as buses, input/output interfaces, etc. being omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
Exemplary computer program product and computer readable storage Medium
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in a method of mining historical change records according to various embodiments of the present disclosure described in the "exemplary methods" section of this specification.
The computer program product may write program code for performing the operations of embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium, having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform steps in a method of mining history change records according to various embodiments of the present disclosure described in the above "exemplary methods" section of the present disclosure.
The computer readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, so that the same or similar parts between the embodiments are mutually referred to. For system embodiments, the description is relatively simple as it essentially corresponds to method embodiments, and reference should be made to the description of method embodiments for relevant points.
The block diagrams of the devices, apparatuses, devices, systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements, configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, the devices, apparatuses, devices, systems may be connected, arranged, configured in any manner. Words such as "including," "comprising," "having," and the like are words of openness and mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "as used herein refer to and are used interchangeably with the term" and/or "unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to.
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices and methods of the present disclosure, components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure. The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (14)

1. A method for acquiring data of an application program, the method comprising:
grabbing a network request;
when the client certificate needs to be carried according to the network request, determining the client certificate corresponding to the application program and a secret key corresponding to the client certificate;
carrying out parameter analysis on the grabbed network request and determining the type of the request parameter;
performing simulation construction of a first network request according to the request parameter type, the client certificate and a secret key corresponding to the client certificate so as to acquire return data according to the first network request;
wherein the determining the client certificate corresponding to the application program and the key corresponding to the client certificate comprises:
decompilation analysis is carried out on the application program sending the network request, and decompilation files of the application program are obtained;
Determining, from the decompiled file, a client certificate corresponding to the application program and a key corresponding to the client certificate, including: analyzing the decompiled file to determine a key function related to the client certificate; determining a reference file in the key function, and determining a client certificate corresponding to the application program according to the reference file; performing global search according to a client certificate corresponding to the application program and a preset keyword, and determining a key corresponding to the client certificate;
the simulating construction of the first network request according to the request parameter type, the client certificate and the secret key corresponding to the client certificate comprises the following steps:
and carrying out simulation construction of the first network request according to the request parameter with the request parameter type being the necessary parameter, the request parameter with the parameter type being the encryption parameter and/or the encryption logic with the parameter type being the request parameter of the encryption parameter, the client certificate and the secret key corresponding to the client certificate.
2. The method according to claim 1, wherein the method further comprises:
analyzing the captured network request, and determining whether the application program sends the network request to carry the client certificate according to the returned data corresponding to the captured network request.
3. The method according to claim 1, wherein the method further comprises:
and when decompilation analysis is carried out on the application program, determining that the application program is reinforced, unshelling the application program, and carrying out decompilation analysis on the unshelling file to obtain the decompiled file of the application program.
4. The method of claim 1, wherein said determining a client certificate corresponding to the application program from the reference file comprises:
and for any reference file, configuring the any reference file on a bale plucking tool, and determining the any reference file as a client certificate corresponding to the application program when the correct return data corresponding to the grabbed network request is acquired.
5. The method of claim 1, wherein the parameter analysis of the grabbed network request to determine the request parameter type comprises:
and carrying out parameter analysis on the grabbed network request according to a preset parameter type analysis script so as to determine the request parameter type.
6. The method of claim 5, wherein the parameter analyzing the grabbed network request to determine the request parameter type comprises:
And for any request parameter, determining a request result corresponding to the network request grabbed after deleting the any request parameter, and determining the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter.
7. The method of claim 6, wherein determining the request parameter type of the any request parameter according to the request result corresponding to the network request grabbed after deleting the any request parameter comprises:
if the request result corresponding to the grabbed network request indicates that the request is successful after deleting any request parameter, determining that any request parameter type is an unnecessary parameter;
if the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value capable of determining meaning, determining that the type of any request parameter is a first necessary parameter;
if the request result corresponding to the grabbed network request indicates that the request fails after deleting any request parameter, and the value corresponding to any request parameter is a value with a meaning which cannot be determined, determining that any request parameter type is an encryption parameter.
8. The method as recited in claim 7, further comprising:
when the request parameter type of any request parameter is determined to be an encryption parameter, positioning is performed by searching a keyword of any request parameter based on stack information of the grabbed network request and a decompilation file corresponding to the application program so as to determine the position of an encryption code, and code logic analysis is performed according to the determined position of the encryption code so as to determine encryption logic corresponding to any request parameter.
9. The method according to claim 1, wherein the method further comprises:
a terminal device proxy and a bundle tool are configured, and a client certificate corresponding to the application program and a key corresponding to the client certificate are configured in the bundle tool, so that the client certificate corresponding to the application program and the key corresponding to the client certificate are carried when the first network request is sent to a server.
10. The method according to claim 1, wherein the method further comprises:
the client certificate is converted to a plaintext client certificate using a key corresponding to the client certificate such that the first network request carries the plaintext client certificate.
11. A data acquisition device for an application program, the device comprising:
the network request grabbing module is used for grabbing network requests;
the certificate and key determining module is used for determining a client certificate corresponding to an application program and a key corresponding to the client certificate when the client certificate needs to be carried according to the network request of the crawling;
the request parameter type determining module is used for carrying out parameter analysis on the grabbed network request and determining the request parameter type;
the data acquisition module is used for carrying out simulation construction of a first network request according to the request parameter type, the client certificate and the secret key corresponding to the client certificate so as to acquire return data according to the first network request;
wherein the certificate and key determination module determines a client certificate corresponding to an application program and a key corresponding to the client certificate, comprising:
decompilation analysis is carried out on the application program sending the network request, and decompilation files of the application program are obtained;
determining, from the decompiled file, a client certificate corresponding to the application program and a key corresponding to the client certificate, including: analyzing the decompiled file to determine a key function related to the client certificate; determining a reference file in the key function, and determining a client certificate corresponding to the application program according to the reference file; performing global search according to a client certificate corresponding to the application program and a preset keyword, and determining a key corresponding to the client certificate;
The data acquisition module performs a simulation construction of a first network request according to the request parameter type, a client certificate and a key corresponding to the client certificate, and includes:
and carrying out simulation construction of the first network request according to the request parameter with the request parameter type being the necessary parameter, the request parameter with the parameter type being the encryption parameter and/or the encryption logic with the parameter type being the request parameter of the encryption parameter, the client certificate and the secret key corresponding to the client certificate.
12. A computer readable storage medium, characterized in that the storage medium stores a computer program for executing the method of any of the preceding claims 1-10.
13. An electronic device, the electronic device comprising: a processor and a memory; wherein,
the memory is used for storing the processor executable instructions;
the processor being configured to read the executable instructions from the memory and execute the instructions to implement the method of any of the preceding claims 1-10.
14. A computer program product comprising a computer program, characterized in that a processor in a device performs the method for implementing any of the claims 1-10 when the computer program is run on the device.
CN202111010699.6A 2021-08-31 2021-08-31 Application program data acquisition method and device, storage medium and electronic equipment Active CN113886892B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111010699.6A CN113886892B (en) 2021-08-31 2021-08-31 Application program data acquisition method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111010699.6A CN113886892B (en) 2021-08-31 2021-08-31 Application program data acquisition method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113886892A CN113886892A (en) 2022-01-04
CN113886892B true CN113886892B (en) 2024-02-23

Family

ID=79011820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111010699.6A Active CN113886892B (en) 2021-08-31 2021-08-31 Application program data acquisition method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113886892B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107248075A (en) * 2017-05-19 2017-10-13 飞天诚信科技股份有限公司 A kind of method and device for realizing bidirectional authentication of smart secret key equipment and transaction
CN111428225A (en) * 2020-02-26 2020-07-17 深圳壹账通智能科技有限公司 Data interaction method and device, computer equipment and storage medium
CN111475824A (en) * 2020-03-23 2020-07-31 深圳前海百递网络有限公司 Data access method, device, equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302476B (en) * 2016-08-19 2019-06-25 腾讯科技(深圳)有限公司 Network node encryption method and network node encryption device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107248075A (en) * 2017-05-19 2017-10-13 飞天诚信科技股份有限公司 A kind of method and device for realizing bidirectional authentication of smart secret key equipment and transaction
CN111428225A (en) * 2020-02-26 2020-07-17 深圳壹账通智能科技有限公司 Data interaction method and device, computer equipment and storage medium
CN111475824A (en) * 2020-03-23 2020-07-31 深圳前海百递网络有限公司 Data access method, device, equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
基于服务端密钥存储的网络计算机数字证书系统;谭智勇;司天歌;戴一奇;;清华大学学报(自然科学版);20070715(第07期);全文 *
安全网络认证平台的研究与设计;李锋;郝一方;杨剑锋;;实验室研究与探索;20100615(第06期);全文 *

Also Published As

Publication number Publication date
CN113886892A (en) 2022-01-04

Similar Documents

Publication Publication Date Title
US10430588B2 (en) Method of and system for analysis of interaction patterns of malware with control centers for detection of cyber attack
US10482262B2 (en) Static analysis based on abstract program representations
US7360097B2 (en) System providing methodology for securing interfaces of executable files
JP6545136B2 (en) System and method for encrypted transmission of web pages
US7870610B1 (en) Detection of malicious programs
KR100268296B1 (en) Secured gateway interface
EP3424178A1 (en) Deterministic reproduction of client/server computer state or output sent to one or more client computers
WO2022252637A1 (en) Browser-based rpa implementation method and apparatus, device, and medium
US8667569B2 (en) Credentials management
US9954900B2 (en) Automating the creation and maintenance of policy compliant environments
CN109284585B (en) Script encryption method, script decryption operation method and related device
US20170099144A1 (en) Embedded encryption platform comprising an algorithmically flexible multiple parameter encryption system
WO2023029447A1 (en) Model protection method, device, apparatus, system and storage medium
CN111814166B (en) Data encryption method and device and electronic equipment
CN111200593A (en) Application login method and device and electronic equipment
CN114500054A (en) Service access method, service access device, electronic device, and storage medium
CN115580413A (en) Zero-trust multi-party data fusion calculation method and device
Atapour et al. Modeling Advanced Persistent Threats to enhance anomaly detection techniques
CN112153012B (en) Multi-terminal contact access method, device and storage medium
CN109522683A (en) Software source tracing method, system, computer equipment and storage medium
CN113886892B (en) Application program data acquisition method and device, storage medium and electronic equipment
Lee et al. Classification and analysis of security techniques for the user terminal area in the internet banking service
AU2013237707B2 (en) Prevention of forgery of web requests to a server
Thakkar Heartbleed: A formal methods perspective
US11038844B2 (en) System and method of analyzing the content of encrypted network traffic

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230803

Address after: Room 404-405, 504, Building B-17-1, Big data Industrial Park, Kecheng Street, Yannan High tech Zone, Yancheng, Jiangsu Province, 224000

Applicant after: Yancheng Tianyanchawei Technology Co.,Ltd.

Address before: 224000 room 501-503, building b-17-1, Xuehai road big data Industrial Park, Kecheng street, Yannan high tech Zone, Yancheng City, Jiangsu Province

Applicant before: Yancheng Jindi Technology Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant