CN116738432A - Digital currency wallet security detection method and device and electronic equipment - Google Patents


Info

Publication number: CN116738432A
Authority: CN (China)
Prior art keywords: digital currency, code, information, currency wallet, wallet
Legal status: Pending
Application number: CN202310423454.9A
Other languages: Chinese (zh)
Inventors: 郭燕慧, 徐国胜, 段蓬勃
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications


Classifications

    • G06F21/577 Assessing vulnerabilities and evaluating computer system security (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms; G06F21/57 Certifying or maintaining trusted computer platforms)
    • G06F11/3624 Software debugging by performing operations on the source code, e.g. via a compiler (under G06F11/00 Error detection; error correction; monitoring; G06F11/36 Preventing errors by testing or debugging software; G06F11/362 Software debugging)
    • G06F11/3644 Software debugging by instrumenting at runtime (same parent groups as G06F11/3624)
    • G06Q20/367 Payment architectures, schemes or protocols using electronic wallets or electronic money safes, involving electronic purses or money safes (under G06Q20/00 Payment architectures, schemes or protocols; G06Q20/30 characterised by the use of specific devices or networks; G06Q20/36 using electronic wallets or electronic money safes)
    • G06F2221/033 Test or assess software (under G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F2221/03 Indexing scheme relating to G06F21/50)

Abstract

The application provides a digital currency wallet security detection method and device and electronic equipment. The digital currency wallet security detection method comprises the following steps: acquiring a target digital currency wallet program to be detected; performing static analysis on the target digital currency wallet program, analyzing the code taint of the target digital currency wallet program to obtain a taint analysis result, and analyzing the positions of the target digital currency wallet program where code instrumentation can be performed to obtain an instrumentation position; writing pre-constructed information acquisition code at the instrumentation position; collecting dynamic information of the target digital currency wallet program based on the information acquisition code; performing vulnerability determination based on the dynamic information to obtain a vulnerability detection result; and outputting the taint analysis result and the vulnerability detection result as the security test result of the target digital currency wallet program. The detection method provided by the application realizes effective detection of the security of digital currency wallets, and the detection is more efficient, comprehensive and accurate.

Description

Digital currency wallet security detection method and device and electronic equipment
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for detecting security of a digital currency wallet, and an electronic device.
Background
Digital currency wallets act as the intermediary between users and blockchains and are subject to various attacks, ranging from anonymization attacks to password cracking. Numerous large-scale attacks on digital currency wallets have occurred, causing heavy losses to users. However, there is currently no effective security detection method for digital currency wallets, so their security faces a great challenge.
Disclosure of Invention
Therefore, the application aims to provide a digital currency wallet security detection method, a digital currency wallet security detection device and electronic equipment, which are used to effectively detect the security of a digital currency wallet, find its security vulnerabilities in time, and realize efficient and comprehensive digital currency wallet security detection.
Based on the above object, the present application provides a digital money wallet security detection method, comprising:
acquiring a target digital currency wallet program to be detected;
performing static analysis on the target digital currency wallet program, analyzing code taint of the target digital currency wallet program to obtain a taint analysis result, and analyzing the position of the target digital currency wallet program where code instrumentation can be performed to obtain an instrumentation position;
writing pre-constructed information acquisition code at the instrumentation position;
collecting dynamic information of the target digital currency wallet program based on the information collection code;
performing vulnerability determination based on the dynamic information to obtain a vulnerability detection result;
and outputting the taint analysis result and the vulnerability detection result as the security test result of the target digital currency wallet program.
Further, performing static analysis on the target digital currency wallet program, analyzing the code taint of the target digital currency wallet program to obtain a taint analysis result, and analyzing the positions where code instrumentation can be performed on the target digital currency wallet program to obtain an instrumentation position includes:
acquiring a source code of the target digital currency wallet program;
preprocessing the source code to obtain an abstract syntax tree corresponding to the source code;
and performing taint analysis based on the abstract syntax tree to obtain the taint analysis result, and performing code instrumentation position analysis to obtain the instrumentation position.
Further, the performing code instrumentation position analysis to obtain the instrumentation position includes:
traversing the abstract syntax tree from its starting point, identifying the target function, and determining the position of the target function;
acquiring configuration file information of the target digital currency wallet program, determining the main interface of the target digital currency wallet program, and determining the HTML page corresponding to the main interface;
and outputting the position of the target function and the HTML page corresponding to the main interface as the instrumentation position.
Further, the information acquisition code includes a first acquisition code and a second acquisition code, and writing the pre-constructed information acquisition code at the instrumentation position includes:
writing the first acquisition code at the position of the target function, where the first acquisition code is used to acquire the context information of the target function;
and writing the second acquisition code into the HTML page corresponding to the main interface, where the second acquisition code is used to acquire local storage information and HTML tag information.
Further, performing the taint analysis to obtain the taint analysis result includes at least one of identifying a taint source, identifying a taint sink (convergence point), and identifying a taint propagation path.
Further, the preprocessing the source code to obtain an abstract syntax tree corresponding to the source code includes:
structurally arranging the source code, performing lexical and syntactic analysis based on the structural arrangement result, and constructing the abstract syntax tree corresponding to the source code based on the analysis result.
Further, the collecting dynamic information of the target digital money wallet program based on the information collecting code includes:
operating the target digital currency wallet program based on the pre-collected digital currency wallet operation semantic information, and acquiring data in the operation process of the target digital currency wallet program by utilizing the information acquisition code to obtain the dynamic information;
where the digital currency wallet operation semantic information comprises operation flow information of the digital currency wallet, and the operation flow information comprises operation interfaces and the jump relations between the operation interfaces.
Further, the information acquisition code is established according to the digital currency wallet operation semantic information.
Based on the same inventive concept, the invention also provides a digital currency wallet security detection device, comprising:
the acquisition module is used for acquiring a target digital currency wallet program to be detected;
the static analysis module is used for carrying out static analysis on the target digital currency wallet program, analyzing code taint of the target digital currency wallet program to obtain a taint analysis result, and analyzing the position of the target digital currency wallet program, where code instrumentation can be carried out, to obtain an instrumentation position;
the instrumentation module is used for writing pre-constructed information acquisition code at the instrumentation position;
the dynamic analysis module is used for acquiring dynamic information of the target digital currency wallet program based on the information acquisition code;
the vulnerability detection module is used for carrying out vulnerability determination based on the dynamic information to obtain a vulnerability detection result;
and the output module is used for outputting the taint analysis result and the vulnerability detection result as the security test result of the target digital currency wallet program.
Based on the same inventive concept, the application also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes a digital currency wallet security detection method when executing the program.
As can be seen from the above, the digital currency wallet security detection method, device and electronic equipment provided by the application analyze, through static analysis, the code taint of the target digital currency wallet program and the positions where code instrumentation can be performed, obtaining a taint analysis result and an instrumentation position respectively; the taint analysis detects taint-type vulnerabilities in the target digital currency wallet program, while determining the instrumentation position provides the basis for writing the subsequent information acquisition code. By writing pre-constructed information acquisition code at the instrumentation position, dynamic information acquisition and dynamic vulnerability determination of the digital currency wallet are realized, security vulnerabilities that may arise while the digital currency wallet is running are detected, and the security test of the digital currency wallet is effectively realized. By combining static analysis with dynamic information acquisition, the various security vulnerabilities in the digital currency wallet can be detected comprehensively and efficiently, and the security of the digital currency wallet is effectively improved.
Drawings
In order to more clearly illustrate the technical solutions of the present application or related art, the drawings that are required to be used in the description of the embodiments or related art will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a schematic diagram of a digital money wallet security detection method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a digital money wallet security detection device according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an electronic device according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an application scenario of a digital money wallet security detection method according to an embodiment of the present application.
Detailed Description
The present application will be further described in detail below with reference to specific embodiments and with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present application more apparent.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present application should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present application belongs. The terms "first," "second," and the like, as used in embodiments of the present application, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
A digital currency wallet is a tool that helps users store, manage and trade digital currency: using the receiving addresses generated in the wallet, it can accept digital currency transferred to the user by others and transfer the digital currency assets held in the user's wallet to others. Therefore, whether a digital currency wallet is secure is one of the important considerations when a user decides whether to use it.
Since the advent of digital currency, digital currency wallets have been the medium between users and blockchains and have been subject to various attacks, ranging from anonymization attacks to password cracking. Numerous large-scale attacks on digital currency wallets have occurred, causing heavy losses to users. However, there is currently no effective security detection method for digital currency wallets, so their security faces a great challenge.
One form of digital money wallet is a browser plug-in wallet (Web wallet). The Web wallet can be used by adding a corresponding extension program in the browser without downloading, belongs to a lightweight wallet, has low requirement on equipment resources and is convenient to use. Due to the characteristics of light weight, convenience and the like of the Web wallets, more and more users choose to use the Web wallets. However, there is no security testing method for the Web wallet at present, so that the security of the Web wallet faces a certain challenge.
Based on the above situation, the present application provides a method for detecting security of a digital money wallet, as shown in fig. 1, to realize security test of the digital money wallet, especially for detecting a Web wallet, specifically including:
s11: acquiring a target digital currency wallet program to be detected;
s12: performing static analysis on the target digital currency wallet program, analyzing code taint of the target digital currency wallet program to obtain a taint analysis result, and analyzing the position of the target digital currency wallet program where code instrumentation can be performed to obtain an instrumentation position;
s13: writing pre-constructed information acquisition code at the instrumentation position;
s14: collecting dynamic information of the target digital currency wallet program based on the information collection code;
s15: performing vulnerability determination based on the dynamic information to obtain a vulnerability detection result;
s16: and outputting the taint analysis result and the vulnerability detection result as the security test result of the target digital currency wallet program.
In this process, the code taint of the target digital currency wallet program is analyzed through static analysis to obtain the taint analysis result, so that taints in the syntax, structure, process, interfaces and the like of the target digital currency wallet program are detected; static analysis of the positions where code instrumentation can be performed on the target digital currency wallet program determines the instrumentation position and provides the foundation for the subsequent acquisition of dynamic information; by writing the pre-built information acquisition code at the instrumentation position, dynamic information acquisition and dynamic vulnerability determination of the digital currency wallet are realized, security vulnerabilities that may arise while the digital currency wallet is running are found, and the security test of the digital currency wallet is effectively realized. Step S14 is in effect a dynamic analysis process, so the application realizes an effective combination of static analysis and dynamic analysis, can comprehensively and efficiently detect the security vulnerabilities present in the digital currency wallet, and effectively improves the security of the digital currency wallet.
In some embodiments, step S12 includes:
s121: acquiring a source code of the target digital currency wallet program;
s122: preprocessing the source code to obtain an abstract syntax tree corresponding to the source code;
s123: and performing taint analysis to obtain a taint analysis result based on the abstract syntax tree, and performing code instrumentation position analysis to obtain the instrumentation position.
Because the source code of the target digital currency wallet program usually has no fixed format and its structure is disordered, analyzing the source code directly suffers from low analysis efficiency and low accuracy. Therefore, the source code is preprocessed to form the corresponding abstract syntax tree, and the taint analysis and the code instrumentation position analysis are then performed on the abstract syntax tree to obtain the taint analysis result and the instrumentation position respectively, so that analysis efficiency and accuracy are higher.
An abstract syntax tree (AST) is a tree representation of the abstract syntactic structure of source code, in which each node represents a construct in the source code. By analyzing on the basis of the abstract syntax tree, declaration statements, assignment statements, operation statements and the like can be located accurately, so that the obtained taint analysis result and instrumentation position are more accurate, accurate code instrumentation can be performed later, and detection accuracy and efficiency are effectively improved.
In some embodiments, the performing the code instrumentation location analysis to obtain the instrumentation location includes:
traversing the abstract syntax tree from its starting point, identifying the target function, and determining the position of the target function;
acquiring configuration file information of the target digital currency wallet program, determining the main interface of the target digital currency wallet program, and determining the HTML page corresponding to the main interface;
and outputting the position of the target function and the HTML page corresponding to the main interface as the instrumentation position.
Instrumentation means inserting probes at specific positions while keeping the original logic of the target program intact, obtaining requests, code data flow, code control flow and the like through the probes while the target program runs, and determining vulnerabilities by comprehensive analysis of those requests, code, data flow and control flow. In the application, code instrumentation position analysis in the static analysis determines the instrumentation position, and pre-constructed information acquisition code is then written at the corresponding position, which realizes the insertion of the probes and provides the technical foundation for the subsequent acquisition of dynamic information. In addition, the application determines at least two types of instrumentation position, namely the position of the target function and the HTML (HyperText Markup Language) page corresponding to the main interface, so that more detailed and comprehensive dynamic information can be collected, more input information is available when vulnerability determination is performed, and vulnerability detection is more comprehensive. Optionally, the target function may be all functions contained in the source code or a predetermined function; the number, type, range and the like of the target functions may be set according to specific requirements and are not particularly limited.
In some embodiments, the information acquisition code includes a first acquisition code and a second acquisition code, and step S13 includes:
writing the first acquisition code at the position of the target function, where the first acquisition code is used to acquire the context information of the target function;
and writing the second acquisition code into the HTML page corresponding to the main interface, where the second acquisition code is used to acquire local storage information and HTML tag information.
In some embodiments, the dynamic information includes the context information of the target function, the local storage information and the HTML tag information.
By writing the first acquisition code and the second acquisition code at the position of the target function and in the HTML page corresponding to the main interface respectively, the context information of the target function, the local storage information and the HTML tag information are acquired, the acquired information is more comprehensive, and the subsequent vulnerability determination is facilitated. In the subsequent vulnerability determination, the collected context information of the target function can be used to detect vulnerabilities related to encryption and decryption in the digital currency wallet; the collected local storage information can be used to detect storage-related vulnerabilities such as sensitive information leakage; and the collected HTML tag information can be used to detect vulnerabilities related to HTML tags, so that vulnerabilities are detected more comprehensively.
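As an added example (not the patent's own code or tooling), the following JavaScript locates the two kinds of instrumentation position described above in a constructed Web-wallet extension and writes the first and second acquisition code there. It assumes a Chrome-style manifest.json that names the popup page, target functions written as plain `function name(...) {` declarations with identifier-only parameters, and a hypothetical `__probe` global supplied by the test harness that forwards records to the collection engine; a real implementation would walk a proper AST instead of the regular-expression scan used here.

```javascript
// Added example, not the patent's own code: instrumentation position analysis and
// probe insertion for a constructed browser-extension wallet.

// Constructed sample extension: manifest, main-interface page and wallet script.
const MANIFEST = JSON.stringify({
  manifest_version: 3,
  name: "demo-wallet",
  action: { default_popup: "popup.html" },
});
const POPUP_HTML = `<html><head><title>wallet</title></head>
<body><input id="mnemonic"><button id="unlock">Unlock</button></body></html>`;
const WALLET_JS = `function deriveKey(password, salt) {
  return password + ":" + salt;
}
function unlock(mnemonic) {
  const key = deriveKey(mnemonic, "static");
  localStorage.setItem("seed", mnemonic);
  return key;
}`;

// Configuration-file analysis: the main interface is the popup page named in the manifest.
function mainInterfacePage(manifestText) {
  const m = JSON.parse(manifestText);
  const action = m.action || m.browser_action || {};
  if (!action.default_popup) throw new Error("manifest names no popup page");
  return action.default_popup;
}

// Target-function analysis: find each function declaration and the offset just after its
// opening brace, which is where the first acquisition code is written.
function findTargetFunctions(source) {
  const re = /function\s+([A-Za-z_$][\w$]*)\s*\(([^)]*)\)\s*\{/g;
  const found = [];
  let m;
  while ((m = re.exec(source)) !== null) {
    const params = m[2].split(",").map((p) => p.trim()).filter(Boolean);
    found.push({ name: m[1], params, bodyStart: m.index + m[0].length });
  }
  return found;
}

// First acquisition code: reports the function name and arguments (its context
// information). `__probe` is a hypothetical harness global, not a browser API.
function firstAcquisitionCode(fn) {
  return `__probe("context", { fn: ${JSON.stringify(fn.name)}, args: [${fn.params.join(", ")}] });`;
}

// Write the first acquisition code at every target-function position; inserting from the
// end of the file backwards keeps the earlier offsets valid.
function instrumentSource(source) {
  const fns = findTargetFunctions(source);
  let out = source;
  for (const fn of [...fns].reverse()) {
    out = out.slice(0, fn.bodyStart) + "\n  " + firstAcquisitionCode(fn) + out.slice(fn.bodyStart);
  }
  return { instrumented: out, targetFunctions: fns.map((f) => f.name) };
}

// Second acquisition code: reports local storage information and HTML tag information of
// the main interface; injected as a script just before </body> of the popup page.
const SECOND_ACQUISITION_CODE = `<script>
__probe("storage", Object.fromEntries(Object.keys(localStorage).map((k) => [k, localStorage.getItem(k)])));
__probe("tags", Array.from(document.querySelectorAll("input,form,script,iframe,a"), (el) => ({
  tag: el.tagName.toLowerCase(),
  attrs: Object.fromEntries(Array.from(el.attributes, (a) => [a.name, a.value])),
})));
</script>`;

function instrumentPage(html) {
  const i = html.lastIndexOf("</body>");
  if (i < 0) throw new Error("popup page has no </body>");
  return html.slice(0, i) + SECOND_ACQUISITION_CODE + "\n" + html.slice(i);
}

// Run the steps over an extension given as a {filename: text} map.
function instrumentExtension(files) {
  const popup = mainInterfacePage(files["manifest.json"]);
  const js = instrumentSource(files["wallet.js"]);
  return {
    popup,
    targetFunctions: js.targetFunctions,
    instrumentedJs: js.instrumented,
    instrumentedHtml: instrumentPage(files[popup]),
  };
}

const SAMPLE_FILES = { "manifest.json": MANIFEST, "popup.html": POPUP_HTML, "wallet.js": WALLET_JS };
const result = instrumentExtension(SAMPLE_FILES);
console.log("instrumentation positions:", result.targetFunctions, "and", result.popup);
console.log(result.instrumentedJs);
```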
In some embodiments, performing the taint analysis to obtain the taint analysis result includes at least one of identifying a taint source, identifying a taint sink (convergence point), and identifying a taint propagation path.
A taint is an untrusted data source, or a data source such as sensitive data, introduced directly into the program code. The presence of taint brings a series of security boundary problems: when taint flows into the code it can directly trigger security-sensitive operations, reveal private data to the outside, and cause other serious security problems. Therefore, in order to enhance the security and attack resistance of digital currency wallets, taint analysis is particularly important. The taint source is the introduced untrusted data source or sensitive data, the taint sink is a security-sensitive operation or an operation that reveals private data to the outside, and the taint propagation path is the path along which taint-marked data propagates through the program. Therefore, by identifying taint sources, identifying taint sinks and identifying taint propagation paths, code taint in the digital currency wallet can be found effectively, taint-type vulnerabilities in code syntax, structure, process and interfaces can be found early, and the security of the digital currency wallet is improved.
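As an added example (not the patent's own code), the following JavaScript carries out the three identification steps just described, taint source, taint sink and taint propagation path, over a constructed straight-line statement list standing in for the AST of a wallet program. The source, sink and sanitizer tables are assumptions for this example, and, going slightly beyond the text, an encryption call is treated as a sanitizer that stops propagation.

```javascript
// Added example, not the patent's own code: taint source / sink / propagation-path
// identification over a simplified statement list (a stand-in for the AST).

// Taint sources: where untrusted or sensitive data enters the wallet program.
const TAINT_SOURCES = {
  "document.getElementById(...).value": "value typed into a form field (mnemonic/password)",
  "chrome.runtime.onMessage": "message received from a web page or another extension part",
  "location.hash": "URL fragment",
};
// Taint sinks: security-sensitive operations, or operations that reveal data to the outside.
const TAINT_SINKS = {
  "localStorage.setItem": "written to unencrypted local storage",
  "element.innerHTML": "inserted into the page as HTML",
  "fetch": "sent to the network",
  "console.log": "written to the console/log",
};
// Sanitizers (assumption): calls whose result no longer carries the taint of its inputs.
const SANITIZERS = ["encryptWithPassword"];

// Constructed sample program. Each statement is {id, target?, callee?, uses}, the
// assignment/call form an AST walker would emit for straight-line code.
const PROGRAM = [
  { id: 1, target: "mnemonic", callee: "document.getElementById(...).value", uses: [] },
  { id: 2, target: "salt", callee: "crypto.getRandomValues", uses: [] },
  { id: 3, target: "key", callee: "deriveKey", uses: ["mnemonic", "salt"] },
  { id: 4, target: "password", callee: "document.getElementById(...).value", uses: [] },
  { id: 5, target: "sealed", callee: "encryptWithPassword", uses: ["key", "password"] },
  { id: 6, callee: "localStorage.setItem", uses: ["sealed"] },   // encrypted: no finding
  { id: 7, callee: "localStorage.setItem", uses: ["mnemonic"] }, // plaintext mnemonic stored
  { id: 8, target: "html", uses: ["mnemonic"] },                 // plain assignment
  { id: 9, callee: "element.innerHTML", uses: ["html"] },        // mnemonic rendered as HTML
  { id: 10, callee: "console.log", uses: ["key"] },              // derived key logged
];

// Forward taint propagation in statement order. `taint` maps a variable to the list of
// {source, path} records explaining how it became tainted; a path is the list of statement
// ids from the source to the current statement. Branches and loops are not modelled; a
// full analysis would iterate to a fixed point over the control-flow graph.
function analyzeTaint(program, sources = TAINT_SOURCES, sinks = TAINT_SINKS, sanitizers = SANITIZERS) {
  const taint = new Map();
  const findings = [];
  for (const st of program) {
    // Taint flowing into this statement through the variables it uses.
    const incoming = [];
    for (const v of st.uses || []) {
      for (const t of taint.get(v) || []) incoming.push({ source: t.source, path: [...t.path, st.id] });
    }
    // Sink identification: tainted data reaching a sensitive operation is a finding.
    if (st.callee && sinks[st.callee]) {
      for (const t of incoming) {
        findings.push({ source: t.source, sink: st.callee, path: t.path, why: sinks[st.callee] });
      }
    }
    if (!st.target) continue;
    if (st.callee && sources[st.callee]) {
      taint.set(st.target, [{ source: st.callee, path: [st.id] }]); // source identification
    } else if (st.callee && sanitizers.includes(st.callee)) {
      taint.delete(st.target);                                      // taint removed
    } else if (incoming.length > 0) {
      taint.set(st.target, incoming);                               // propagation
    } else {
      taint.delete(st.target);                                      // overwritten with clean data
    }
  }
  return findings;
}

function runTaintSample() {
  return analyzeTaint(PROGRAM);
}

for (const f of runTaintSample()) {
  console.log(`${f.source} -> ${f.sink} via statements ${f.path.join(" -> ")}: ${f.why}`);
}
```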
In some embodiments, step S122 includes:
structurally arranging the source code, performing lexical and syntactic analysis based on the structural arrangement result, and constructing the abstract syntax tree corresponding to the source code based on the analysis result.
Through structural arrangement, source code without a uniform, fixed format is arranged into a specific structure, which facilitates the subsequent lexical and syntactic analysis. Optionally, the structural arrangement of the source code may be implemented with a toolkit such as jsBeautify; other ways of implementing the structural arrangement of the source code may also be applied to the present application and are not particularly limited. Lexical and syntactic analysis is then performed on the structural arrangement result: lexical analysis converts the source code, in the form of a character string, into a token stream, where a token is similar to a node of the abstract syntax tree; syntactic analysis converts the token stream into the form of an abstract syntax tree, and at this stage the information in the tokens is converted into the representation structure of the abstract syntax tree; and the abstract syntax tree corresponding to the source code is constructed on the basis of the analysis result. The abstract syntax tree is independent of the specific syntax and of language details, provides a clear and unified interface for the subsequent taint analysis and code instrumentation position analysis, effectively improves analysis efficiency and therefore detection efficiency, and realizes efficient detection of digital currency wallet security.
In some embodiments, step S14 includes:
running the target digital currency wallet program based on pre-collected digital currency wallet operation semantic information, and acquiring data during the running of the target digital currency wallet program with the information acquisition code to obtain the dynamic information;
where the digital currency wallet operation semantic information comprises operation flow information of the digital currency wallet, and the operation flow information comprises operation interfaces and the jump relations between the operation interfaces.
Before dynamic information collection is carried out, the operation semantic information of the digital currency wallet is collected in advance: the general operation flow of a digital currency wallet such as a Web wallet is summarized, and a semantic information function representation is established for the operation interfaces of the digital currency wallet and the jump relations between them. The target digital currency wallet program is then run according to this semantic information function representation, simulating and executing basic operations and jump operations, for example the complex operations a user performs such as clicking, dragging and inputting, and, once the basic operations of one interface have been executed, executing the page-jump operation to enter the next page, and so on. In this way the process of a user using the target digital currency wallet program is simulated, and automatic running of the target digital currency wallet program is achieved. While the target digital currency wallet program runs automatically, the information acquisition code is triggered and collects dynamic information automatically, so that dynamic information is collected automatically and the overall detection is more efficient.
In some embodiments, the information acquisition code is established based on the digital currency wallet operation semantic information. Information acquisition code constructed with the digital currency wallet operation semantic information is better suited to the target digital currency wallet program, does not affect the running of the original program code while acquiring information, and ensures effective acquisition of dynamic information.
In some embodiments, the vulnerability determination is made based on pre-built digital currency wallet vulnerability rules. Before the vulnerability determination is carried out, an HTTP service engine can be set up in advance and dedicated to receiving the dynamic information; the vulnerability determination is completed based on the collected dynamic information and the digital currency wallet vulnerability rules, and initialization is carried out after one sample has been tested so as to prepare for testing the next sample.
In some embodiments, the target digital currency wallet program is a Web wallet program. At present there is no security test method for Web wallets; by combining static analysis, instrumentation and dynamic analysis, the method realizes efficient, comprehensive and accurate detection of the security of a Web wallet, effectively improves the application security of the Web wallet, and provides an effective guarantee for the security of users' funds. In the application, the code taint of the Web wallet is analyzed through static analysis and taint-type vulnerabilities of the Web wallet are detected; at the same time, the positions in the Web wallet where code instrumentation can be performed are analyzed and the instrumentation position is determined, providing the foundation for the subsequent acquisition of the Web wallet's dynamic information; and pre-constructed information acquisition code is written at the instrumentation position to realize dynamic information acquisition and dynamic vulnerability determination of the Web wallet, find security vulnerabilities that may arise while the Web wallet is running, and effectively realize the security test of the Web wallet.
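As an added example (not the patent's own rules or engine), the following JavaScript shows a rule-based vulnerability determination over dynamic information records of the shape `{type, data}`, with the three record types (context, storage, tags) matching the three kinds of information the acquisition code collects, together with the initialization between samples and a minimal HTTP service engine that receives the records. The rules, thresholds, the assumed `deriveKey(password, salt, iterations)` signature and the sample records are all constructed for this example.

```javascript
// Added example, not the patent's own rules or engine: rule-based vulnerability
// determination over dynamic information reported by the acquisition code.
// Record shape (assumption): { type: "context" | "storage" | "tags", data }.

// Does a stored string look like a wallet secret? (12/24 lowercase words, or 32-byte hex)
function looksLikeSecret(value) {
  if (typeof value !== "string") return false;
  const words = value.trim().split(/\s+/);
  if ((words.length === 12 || words.length === 24) && words.every((w) => /^[a-z]+$/.test(w))) return true;
  return /^(0x)?[0-9a-f]{64}$/i.test(value.trim());
}

const SECRET_FIELD = /mnemonic|seed|password|private/i;

// Constructed vulnerability rules. Each rule applies to one record type and returns a
// description of the problem, or null when the record is clean.
const RULES = [
  { id: "CRYPTO-WEAK-KDF", type: "context", check: (ctx) => {
      // Assumed signature of the instrumented function: deriveKey(password, salt, iterations).
      if (ctx.fn !== "deriveKey") return null;
      const [, salt, iterations] = ctx.args;
      if (typeof salt === "string" && salt.length < 16) return `deriveKey uses a short salt (${salt.length} chars)`;
      if (Number(iterations) < 100000) return `deriveKey uses only ${iterations} iterations`;
      return null;
  } },
  { id: "STORAGE-PLAINTEXT-SECRET", type: "storage", check: (store) => {
      const keys = Object.keys(store).filter((k) => looksLikeSecret(store[k]));
      return keys.length ? `plaintext secret in localStorage key(s): ${keys.join(", ")}` : null;
  } },
  { id: "HTML-SECRET-INPUT", type: "tags", check: (tags) => {
      const bad = tags
        .filter((t) => t.tag === "input" && SECRET_FIELD.test(t.attrs.id || t.attrs.name || "") && t.attrs.type !== "password")
        .map((t) => t.attrs.id || t.attrs.name);
      return bad.length ? `secret entered through non-password input(s): ${bad.join(", ")}` : null;
  } },
  { id: "HTML-REMOTE-SCRIPT", type: "tags", check: (tags) => {
      const remote = tags.filter((t) => t.tag === "script" && /^https?:/i.test(t.attrs.src || "")).map((t) => t.attrs.src);
      return remote.length ? `main interface loads remote script(s): ${remote.join(", ")}` : null;
  } },
];

// Engine state for the sample currently under test.
let collected = [];
function receive(record) { collected.push(record); }
function reset() { collected = []; }            // initialization before the next sample

// Apply every rule to every matching record and return the vulnerability detection result.
function judge(records = collected) {
  const findings = [];
  for (const rec of records) {
    for (const rule of RULES) {
      if (rule.type !== rec.type) continue;
      const detail = rule.check(rec.data);
      if (detail) findings.push({ rule: rule.id, detail });
    }
  }
  return findings;
}

// Minimal HTTP service engine: probes POST JSON records, GET /reset reinitializes, any
// other GET returns the judgement. Bound to localhost and not started automatically.
function startEngine(port) {
  const http = require("node:http");
  return http.createServer((req, res) => {
    let body = "";
    req.on("data", (chunk) => { body += chunk; });
    req.on("end", () => {
      if (req.method === "POST") { receive(JSON.parse(body)); res.end("ok"); return; }
      if (req.url === "/reset") { reset(); res.end("ok"); return; }
      res.setHeader("content-type", "application/json");
      res.end(JSON.stringify(judge()));
    });
  }).listen(port, "127.0.0.1");
}

// Constructed dynamic information for one sample, as the probes would report it.
const SAMPLE_RECORDS = [
  { type: "context", data: { fn: "deriveKey", args: ["demo-password", "static", 1000] } },
  { type: "storage", data: { seed: "apple banana cherry dog elephant fig grape hat ink jam kite lemon", theme: "dark" } },
  { type: "tags", data: [
      { tag: "input", attrs: { id: "mnemonic", type: "text" } },
      { tag: "script", attrs: { src: "https://cdn.example.invalid/wallet.js" } },
      { tag: "a", attrs: { href: "#settings" } },
  ] },
];

// One full sample cycle: receive the records, judge, then reinitialize for the next sample.
function runJudgeSample() {
  reset();
  SAMPLE_RECORDS.forEach(receive);
  const result = judge();
  reset();
  return result;
}

for (const f of runJudgeSample()) console.log(`${f.rule}: ${f.detail}`);
```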
It should be noted that, the method of the embodiment of the present application may be performed by a single device, for example, a computer or a server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the method of an embodiment of the present application, the devices interacting with each other to accomplish the method.
It should be noted that the foregoing describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the application also provides a digital currency wallet security detection device corresponding to the method of any embodiment, so as to realize security testing of the digital currency wallet; the device is particularly suited to detecting Web wallets.
Referring to fig. 2, the digital money wallet security detection device includes:
an acquisition module 21 for acquiring a target digital money wallet program to be detected;
the static analysis module 22 is configured to perform static analysis on the target digital currency wallet program, analyze the code taint of the target digital currency wallet program to obtain a taint analysis result, and analyze the positions where the target digital currency wallet program can be code-instrumented to obtain instrumentation positions;
the instrumentation module 23 is used for writing a pre-constructed information acquisition code at the instrumentation position;
a dynamic analysis module 24 for collecting dynamic information of the target digital money wallet program based on the information acquisition code;
the vulnerability detection module 25 is configured to perform vulnerability determination based on the dynamic information to obtain a vulnerability detection result;
the output module 26 is configured to output the taint analysis result and the vulnerability detection result as the security test result of the target digital money wallet program.
In some embodiments, the static analysis module 22 includes:
an acquisition unit configured to acquire a source code of the target digital money wallet program;
the preprocessing unit is used for preprocessing the source code to obtain an abstract syntax tree corresponding to the source code;
and an analysis unit for performing taint analysis based on the abstract syntax tree to obtain the taint analysis result, and performing code instrumentation position analysis to obtain the instrumentation position.
In some embodiments, the performing the code instrumentation location analysis to obtain the instrumentation location includes:
traversing the abstract syntax tree from the starting point of the abstract syntax tree, identifying an objective function, and determining the position of the objective function;
acquiring configuration file information of the target digital currency wallet, determining a main interface of the target digital currency wallet program, and determining an HTML page corresponding to the main interface;
and outputting the position of the objective function and the HTML page corresponding to the main interface as the instrumentation position.
In some embodiments, the information acquisition code includes a first acquisition code and a second acquisition code, and the instrumentation module 23 includes:
the first writing unit is used for writing the first acquisition code in the position of the objective function, and the first acquisition code is used for acquiring the context information of the objective function;
the second writing unit is used for writing the second acquisition code in the HTML page corresponding to the main interface, and the second acquisition code is used for acquiring the local storage information and the HTML tag information.
In some embodiments, the taint analysis result obtained by performing the taint analysis includes at least one of an identified taint source, an identified taint sink, and an identified taint propagation path.
In some embodiments, the preprocessing unit includes:
an abstract syntax tree construction part for performing structural arrangement on the source code, performing lexical and syntactic analysis based on the structural arrangement result, and constructing an abstract syntax tree corresponding to the source code based on the analysis result.
In some embodiments, the dynamic analysis module 24 includes:
the dynamic information acquisition unit is used for operating the target digital currency wallet program based on the pre-collected digital currency wallet operation semantic information, and acquiring data in the operation process of the target digital currency wallet program by utilizing the information acquisition code to obtain the dynamic information;
the digital currency wallet operation semantic information comprises operation flow information of the digital currency wallet, wherein the operation flow information comprises an operation interface and a skip relation between the operation interfaces.
In some embodiments, the information gathering code is established based on the digital currency wallet operational semantic information.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, the functions of each module may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
The device of the foregoing embodiment is configured to implement the corresponding digital currency wallet security detection method of any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the application also provides an electronic device corresponding to the method of any embodiment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the digital currency wallet security detection method of any embodiment when executing the program.
Fig. 3 shows a more specific hardware architecture of an electronic device according to this embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, etc., for executing relevant programs to implement the technical solutions provided in the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding digital money wallet security detection method of any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the present application also provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the digital money wallet security detection method according to any of the above embodiments, corresponding to the method of any of the above embodiments.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device.
The storage medium of the foregoing embodiments stores computer instructions for causing the computer to perform the digital money wallet security detection method of any of the foregoing embodiments, and has the advantages of the corresponding method embodiments, which are not described herein.
It should be noted that the embodiments of the present application may be further described in the following manner:
By adopting the security detection method for the digital currency wallet, security detection is carried out on the Web wallet: the working characteristics and basic information of the Web wallet are obtained by static analysis, and automated testing of the Web wallet is carried out on an interactive test framework based on code instrumentation.
When the present application is applied to detect a Web wallet sample, as shown in fig. 4, the following workflow is performed:
s41: static analysis
Preprocessing a Web wallet sample, and carrying out AST analysis and AST analysis on the Web wallet to obtain a stain analysis result and a stake inserting position.
S42: code injection
Inject the information acquisition code based on the instrumentation positions in the static analysis result.
S43: dynamic analysis
The four tasks of opening the wallet, semantic recognition, running the wallet and data collection are completed. This part automates the operation of the Web wallet, triggers execution of the injected code during operation to collect data, and sends the collected data (namely the dynamic information) to the vulnerability detection part.
S44: vulnerability detection
This part receives and extracts the various data for detection and outputs a vulnerability detection result based on the data (namely the dynamic information) and the detection rules.
S45: final result output
Output the taint analysis result obtained in step S41 and the vulnerability detection result of step S44 as the security test result of the Web wallet.
The specific execution flow of each of the above steps will be described in detail below.
Step S41: static analysis
The static analysis step executes the following procedures:
S411: Preprocessing
Obtain the source code of the Web wallet, beautify the source code (namely, structural arrangement), and parse the source code to obtain an AST structure (namely, perform lexical and syntactic analysis based on the structural arrangement result and construct an abstract syntax tree corresponding to the source code based on the analysis result). Further collect the configuration file information of the Web wallet (for vulnerability detection), perform preliminary objective function identification, determine the main interface of the Web wallet, and from the main interface determine the HTML page corresponding to it (for dynamic analysis).
S412: AST analysis
Performing accurate target function identification and positioning based on an AST structure (namely traversing the abstract syntax tree from the starting point of the abstract syntax tree, identifying a target function and determining the position of the target function), and performing taint analysis based on the AST structure to obtain a taint analysis result.
Preliminary objective function identification is performed in step S411 and accurate objective function identification and positioning in step S412; when the objective function identification of step S411 and step S412 conflict, the identification result of step S412 prevails. The objective function identification in steps S411 and S412 has two uses: on the one hand, detecting vulnerabilities with static features, such as defective cryptography; on the other hand, determining the location where the monitoring and data collection code is injected (i.e., the instrumentation position). The taint analysis in step S412 includes at least one of identifying a taint source, identifying a taint sink, and identifying a taint propagation path, and serves to detect taint-type vulnerabilities such as XSS; it is carried out with a dataset that includes sink points (the taint sinks) and source points (the taint sources).
Step S42: code injection
That is, writing a pre-built information acquisition code at the instrumentation position. The static analysis result contains the position information for injecting the information acquisition code (namely the instrumentation position: the position of the objective function and the HTML page corresponding to the main interface), and this part injects the pre-constructed information acquisition code at those specific positions based on that result. The injected information acquisition code has three uses:
(1) Collecting the local storage information of the Web wallet, which is used for detecting storage-related vulnerabilities such as sensitive information leakage;
(2) Collecting special tags in the HTML page, for detecting vulnerabilities related to HTML tags;
(3) Collecting the context information of the objective function, for detecting vulnerabilities related to encryption and decryption.
The portion of the injected information acquisition code supports autonomous customization and expansion. The (1) and (2) are realized by information acquisition codes injected into the HTML page corresponding to the main interface; part (3) is implemented by information acquisition codes injected into the location of the objective function.
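As an added example (not code from the patent or its authors) of the three uses of the injected information acquisition code listed above and of the first/second acquisition code of the instrumentation module described earlier, here are both kinds written in JavaScript to run under Node without a browser. The storage and tag inputs are constructed stand-ins for window.localStorage and the DOM, and the wallet object with its deriveKey function is an assumed target located by static analysis.

```javascript
// Added example, not the patent's own code. Buffer for collected records: in the
// patent's design the records are sent on to the vulnerability detection part,
// here they are kept in memory.
const collected = [];
function report(kind, data) {
  collected.push({ kind, ...data });
}

// Keep only a shape summary of values: the collector must not become a second
// copy of the wallet's secrets.
function summarize(v) {
  if (typeof v === 'string') return { type: 'string', length: v.length };
  if (typeof v === 'number' || typeof v === 'boolean') return { type: typeof v, value: v };
  if (v && typeof v === 'object') return { type: 'object', keys: Object.keys(v).slice(0, 10) };
  return { type: typeof v };
}

// First acquisition code: wraps the target function at the position found by AST
// analysis so that each call records its context (arguments and result).
function instrumentFunction(owner, name) {
  const original = owner[name];
  if (typeof original !== 'function') throw new TypeError(`${name} is not a function`);
  owner[name] = function instrumented(...args) {
    const result = original.apply(this, args);
    report('function_context', { fn: name, args: args.map(summarize), result: summarize(result) });
    return result;
  };
  return () => { owner[name] = original; };   // undo hook, used once a sample is finished
}

// Second acquisition code, injected into the HTML page of the main interface:
// dump every local storage entry and the tags the detection rules care about.
function collectLocalStorage(storage) {       // storage: any Storage-like object
  const entries = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    entries.push({ key, value: storage.getItem(key) });
  }
  report('local_storage', { entries });
  return entries;
}

const SPECIAL_TAGS = new Set(['script', 'iframe', 'form', 'input', 'meta']);
function collectHtmlTags(tags) {              // tags: [{tag, attrs}] as read from the DOM
  const special = tags.filter(t => SPECIAL_TAGS.has(t.tag.toLowerCase()));
  report('html_tags', { tags: special });
  return special;
}

// Constructed stand-ins for the demonstration -------------------------------
function makeStorage(obj) {                   // minimal Storage-like object
  const keys = Object.keys(obj);
  return { length: keys.length, key: i => keys[i], getItem: k => (k in obj ? obj[k] : null) };
}

const wallet = {                              // assumed target; the KDF body is a stand-in
  deriveKey(password, salt, iterations) {
    let h = 0x811c9dc5;                       // FNV-1a over password+salt, repeated `iterations` times
    for (let i = 0; i < iterations; i++) {
      for (const ch of password + salt) h = Math.imul(h ^ ch.charCodeAt(0), 0x01000193) >>> 0;
    }
    return h.toString(16).padStart(8, '0');
  },
};

// Runs one constructed sample through both acquisition codes and returns the records.
function demo() {
  collected.length = 0;
  const restore = instrumentFunction(wallet, 'deriveKey');
  wallet.deriveKey('correct horse', 'salt', 1000);
  collectLocalStorage(makeStorage({ mnemonic: 'abandon abandon ... about', theme: 'dark' }));
  collectHtmlTags([
    { tag: 'div', attrs: {} },
    { tag: 'script', attrs: { src: 'http://cdn.example.test/lib.js' } },
    { tag: 'input', attrs: { type: 'password', name: 'pw' } },
  ]);
  restore();
  return collected.slice();
}
```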
S43: dynamic analysis
The main purpose of the dynamic analysis is to perform the automatic operation of the Web wallet, and the following 4 steps are specifically performed:
s431: opening wallet
Based on the results of the static analysis, automatically entering the main interface of the Web wallet.
S432: semantic recognition
In order to identify the individual pages and perform automated operations, the general running flow of the Web wallet must be summarized in advance (i.e., the pre-collected digital currency wallet operation semantic information), and semantic information built for the key pages in that general flow; the semantic information is used to identify a page and carries the code for performing automated operations on it. This part operates the Web wallet based on the pre-collected digital currency wallet operation semantic information: it identifies the current page, executes code on that page of the Web wallet to simulate complex human operations such as clicking, dragging and typing, and once the basic operations of a page are completed performs the page jump to enter the next page. This part supports extension of the digital currency wallet operation semantic information library and of the operation code.
S433: running wallet
Based on semantic recognition and jump operations, the Web wallet automatically moves from page to page and keeps running.
S434: data acquisition
During the wallet running process, the injected information acquisition code is triggered to collect the relevant data for vulnerability detection; meanwhile, this part can also actively collect key information while the Web wallet runs. Finally all collected data (namely the dynamic information) are sent to the vulnerability detection part for vulnerability determination.
Steps S431 to S434 correspond to: operating the target digital currency wallet program based on the pre-collected digital currency wallet operation semantic information, and acquiring data in the operation process of the target digital currency wallet program by utilizing the information acquisition code to obtain the dynamic information; the digital currency wallet operation semantic information comprises operation flow information of the digital currency wallet, wherein the operation flow information comprises an operation interface and a skip relation between the operation interfaces.
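An added example (not the patent's own code) of steps S431 to S434: a semantic library listing key interfaces of the general running flow together with their jump relation, and a runner that identifies the current interface, performs its operation and jumps on. The interface names, the operations and the in-memory page model are constructed for the example.

```javascript
// Added example, not the patent's own code. Operation semantic information: one
// entry per key interface (how to recognize it, what to do on it, which
// interface the jump leads to; next === null marks the last interface).
const semanticLibrary = [
  { name: 'welcome', identify: p => p.hasText('Create a new wallet'),
    operate: p => p.click('create'), next: 'set-password' },
  { name: 'set-password', identify: p => p.hasField('password'),
    operate: p => { p.type('password', 'Constructed-pass-1'); p.click('next'); }, next: 'backup' },
  { name: 'backup', identify: p => p.hasText('Write down your recovery phrase'),
    operate: p => p.click('confirm'), next: 'main' },
  { name: 'main', identify: p => p.hasText('Balance'),
    operate: p => p.click('refresh'), next: null },
];

// Runs the wallet: identify the current interface, operate it (in a real run this
// is what triggers the injected acquisition code), then verify the expected jump.
// A step limit guards against a wallet that loops back to an earlier interface.
function runWallet(page, library, maxSteps = 20) {
  const trace = [];
  for (let step = 0; step < maxSteps; step++) {
    const entry = library.find(e => e.identify(page));
    if (!entry) return { ok: false, reason: 'unrecognized interface', trace };
    trace.push(entry.name);
    entry.operate(page);
    if (entry.next === null) return { ok: true, trace };
    const expected = library.find(e => e.name === entry.next);
    if (!expected || !expected.identify(page)) {
      return { ok: false, reason: `jump ${entry.name} -> ${entry.next} did not happen`, trace };
    }
  }
  return { ok: false, reason: 'step limit reached', trace };
}

// Constructed stand-in for the browser page: the wallet's screens, their visible
// text and fields, and which click leads to which screen.
const SCREENS = {
  welcome: { text: 'Create a new wallet or import one', fields: [], clicks: { create: 'password' } },
  password: { text: 'Choose a password', fields: ['password'], clicks: { next: 'backup' } },
  backup: { text: 'Write down your recovery phrase', fields: [], clicks: { confirm: 'main' } },
  main: { text: 'Balance: 0 ETH', fields: [], clicks: { refresh: 'main' } },
};

class FakePage {
  constructor(screen = 'welcome') { this.screen = screen; this.filled = {}; }
  hasText(t) { return SCREENS[this.screen].text.includes(t); }
  hasField(f) { return SCREENS[this.screen].fields.includes(f); }
  type(f, v) { if (this.hasField(f)) this.filled[f] = v; }
  click(id) {
    // the password screen only moves on once the field has been filled
    if (this.screen === 'password' && !this.filled.password) return;
    const target = SCREENS[this.screen].clicks[id];
    if (target) this.screen = target;
  }
}
```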
Step S44: vulnerability detection
The vulnerability detection part may establish an HTTP service engine in advance, dedicated to receiving the data collected by the dynamic analysis of step S43 (namely the dynamic information); it completes vulnerability determination based on the dynamic information and the pre-constructed digital currency wallet vulnerability rules to obtain the vulnerability determination result of the Web wallet. After one Web sample has been tested, the part is initialized to prepare for testing the next Web sample. This part supports extension of the vulnerability rules.
Finally, the taint analysis result obtained by the taint analysis of step S412 and the vulnerability determination result obtained by the vulnerability detection of step S44 are output together as the security test result of the Web wallet, completing comprehensive, efficient and accurate detection of the Web wallet's security.
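An added example (not the patent's own code) of the vulnerability determination of step S44 and of the pre-built vulnerability rules mentioned in the earlier embodiment: a small rule set applied to received dynamic information, with a per-sample session that is initialized after each sample. The record shapes, the three rules, the iteration threshold and the sample records are all assumptions constructed for the example; the HTTP receiving side is left out.

```javascript
// Added example, not the patent's own code. Patterns and threshold are assumptions.
const SECRET_KEY_RE = /mnemonic|seed|priv|secret|passw/i;   // suspicious storage keys
const MNEMONIC_RE = /^([a-z]+ ){11,23}[a-z]+$/;            // 12..24 lower-case words
const HEX_KEY_RE = /^(0x)?[0-9a-fA-F]{64}$/;                // 32-byte hex key
const MIN_KDF_ITERATIONS = 10000;

// Each rule applies to one record kind and returns a list of evidence objects,
// one per finding (an empty list means the rule did not fire).
const vulnerabilityRules = [
  {
    id: 'SENSITIVE_INFO_IN_LOCAL_STORAGE',                  // storage-related, use (1)
    kind: 'local_storage',
    evidence: rec => rec.entries
      .filter(e => typeof e.value === 'string' &&
        (SECRET_KEY_RE.test(e.key) || MNEMONIC_RE.test(e.value) || HEX_KEY_RE.test(e.value)))
      .map(e => ({ key: e.key })),
  },
  {
    id: 'SCRIPT_LOADED_OVER_HTTP',                          // HTML-tag-related, use (2)
    kind: 'html_tags',
    evidence: rec => rec.tags
      .filter(t => ['script', 'iframe'].includes(t.tag) && /^http:\/\//i.test(t.attrs.src || ''))
      .map(t => ({ tag: t.tag, src: t.attrs.src })),
  },
  {
    id: 'WEAK_KEY_DERIVATION',                              // encryption-related, use (3)
    kind: 'function_context',
    evidence: rec => {
      if (!/derive|kdf|pbkdf/i.test(rec.fn)) return [];
      const iters = rec.args.find(a => a.type === 'number');
      return iters && iters.value < MIN_KDF_ITERATIONS ? [{ fn: rec.fn, iterations: iters.value }] : [];
    },
  },
];

// Pure determination step: every record is judged by every rule of its kind.
function detectVulnerabilities(dynamicInfo) {
  const findings = [];
  for (const rec of dynamicInfo) {
    for (const rule of vulnerabilityRules) {
      if (rule.kind !== rec.kind) continue;
      for (const ev of rule.evidence(rec)) findings.push({ rule: rule.id, evidence: ev });
    }
  }
  return findings;
}

// Per-sample session: receives records (in the patent via an HTTP service
// engine, here by direct call), judges them, and is initialized between samples.
class DetectionSession {
  constructor() { this.reset(); }
  reset() { this.records = []; }
  receive(record) { this.records.push(record); }
  finish() {
    const result = detectVulnerabilities(this.records);
    this.reset();
    return result;
  }
}

// Constructed sample dynamic information for one Web wallet sample.
const sampleDynamicInfo = [
  { kind: 'local_storage', entries: [
    { key: 'wallet_mnemonic',
      value: 'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about' },
    { key: 'theme', value: 'dark' },
  ] },
  { kind: 'html_tags', tags: [
    { tag: 'script', attrs: { src: 'http://cdn.example.test/lib.js' } },
    { tag: 'script', attrs: { src: 'https://cdn.example.test/app.js' } },
  ] },
  { kind: 'function_context', fn: 'deriveKey',
    args: [{ type: 'string', length: 13 }, { type: 'string', length: 4 }, { type: 'number', value: 1000 }] },
];
```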
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the application (including the claims) is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the application, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the application as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present application. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present application, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present application are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalent substitutions, improvements, and the like, which are within the spirit and principles of the embodiments of the application, are intended to be included within the scope of the application.

Claims (10)

1. A digital money wallet security detection method, comprising:
acquiring a target digital currency wallet program to be detected;
performing static analysis on the target digital currency wallet program, analyzing the code taint of the target digital currency wallet program to obtain a taint analysis result, and analyzing the positions of the target digital currency wallet program where code instrumentation can be performed to obtain an instrumentation position;
writing a pre-constructed information acquisition code at the instrumentation position;
collecting dynamic information of the target digital currency wallet program based on the information acquisition code;
performing vulnerability determination based on the dynamic information to obtain a vulnerability detection result;
and outputting the taint analysis result and the vulnerability detection result as a security test result of the target digital currency wallet program.
2. The digital money wallet security detection method of claim 1, wherein the performing static analysis on the target digital money wallet program, analyzing the code taint of the target digital money wallet program to obtain a taint analysis result, and analyzing the positions where the target digital money wallet program can perform code instrumentation to obtain an instrumentation position comprises:
acquiring a source code of the target digital currency wallet program;
preprocessing the source code to obtain an abstract syntax tree corresponding to the source code;
and performing taint analysis to obtain a taint analysis result based on the abstract syntax tree, and performing code instrumentation position analysis to obtain the instrumentation position.
3. The digital money wallet security detection method of claim 2, wherein said performing code instrumentation location analysis to obtain the instrumentation location comprises:
traversing the abstract syntax tree from the starting point of the abstract syntax tree, identifying an objective function, and determining the position of the objective function;
acquiring configuration file information of the target digital currency wallet, determining a main interface of the target digital currency wallet program, and determining an HTML page corresponding to the main interface;
and outputting the position of the objective function and the HTML page corresponding to the main interface as the instrumentation position.
4. The digital money wallet security detection method according to claim 3, wherein said information acquisition code comprises a first acquisition code and a second acquisition code, and said writing a pre-constructed information acquisition code at said instrumentation position comprises:
writing the first acquisition code in the position of the objective function, wherein the first acquisition code is used for acquiring the context information of the objective function;
and writing the second acquisition code into the HTML page corresponding to the main interface, wherein the second acquisition code is used for acquiring the local storage information and the HTML tag information.
5. The method according to any one of claims 2 to 4, wherein the taint analysis result obtained by performing the taint analysis includes at least one of an identified taint source, an identified taint sink, and an identified taint propagation path.
6. The digital money wallet security detection method according to any one of claims 2 to 4, wherein preprocessing the source code to obtain an abstract syntax tree corresponding to the source code includes:
performing structural arrangement on the source code, performing lexical and syntactic analysis based on the structural arrangement result, and constructing an abstract syntax tree corresponding to the source code based on the analysis result.
7. The digital money wallet security detection method of any of claims 1-4, wherein the acquiring dynamic information of the target digital money wallet program based on the information acquisition code comprises:
operating the target digital currency wallet program based on the pre-collected digital currency wallet operation semantic information, and acquiring data in the operation process of the target digital currency wallet program by utilizing the information acquisition code to obtain the dynamic information;
the digital currency wallet operation semantic information comprises operation flow information of the digital currency wallet, wherein the operation flow information comprises an operation interface and a skip relation between the operation interfaces.
8. The digital money wallet security detection method of claim 7, wherein the information gathering code is established based on the digital money wallet operational semantic information.
9. A digital money wallet security detection device, comprising:
the acquisition module is used for acquiring a target digital currency wallet program to be detected;
the static analysis module is used for performing static analysis on the target digital currency wallet program, analyzing the code taint of the target digital currency wallet program to obtain a taint analysis result, and analyzing the positions of the target digital currency wallet program where code instrumentation can be performed to obtain an instrumentation position;
the instrumentation module is used for writing a pre-constructed information acquisition code at the instrumentation position;
the dynamic analysis module is used for acquiring dynamic information of the target digital currency wallet program based on the information acquisition code;
the vulnerability detection module is used for carrying out vulnerability determination based on the dynamic information to obtain a vulnerability detection result;
and the output module is used for outputting the taint analysis result and the vulnerability detection result as a security test result of the target digital currency wallet program.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the digital money wallet security detection method of any of claims 1 to 8 when the program is executed.
CN202310423454.9A 2023-04-19 2023-04-19 Digital currency wallet security detection method and device and electronic equipment Pending CN116738432A (en)
Publications (1)

Publication Number Publication Date
CN116738432A true CN116738432A (en) 2023-09-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination