WO2019071828A1 - Method for detecting secondary packaging of application installation package, storage medium, device, and system - Google Patents


Publication number
WO2019071828A1
Authority
WO
WIPO (PCT)
Prior art keywords
live
app
live broadcast
server
video stream
Prior art date
Application number
PCT/CN2017/117376
Other languages
French (fr)
Chinese (zh)
Inventor
周志刚
陈少杰
张文明
Original Assignee
武汉斗鱼网络科技有限公司
Priority date
Filing date
Publication date
Application filed by 武汉斗鱼网络科技有限公司
Publication of WO2019071828A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4408 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
    • H04N21/443 OS processes, e.g. booting an STB, implementing a Java virtual machine in an STB or power management in an STB
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • H04N21/4627 Rights management associated to the content

Definitions

  • the present invention relates to the field of information processing, and in particular, to a method, a storage medium, a device and a system for detecting secondary packaging of an application installation package.
  • the repackaged live APP installation package is placed on other websites or illegal application stores for users to download, and the repackaged live APP is finally installed on the user's device. The malicious programs implanted in the live APP can then carry out malicious fee deductions, pop up advertisements, secretly download and install other APPs on the user's mobile phone, spy on and collect the user's private information, and so on, greatly endangering the security of user devices and harming the interests of users and live broadcast vendors.
  • the object of the present invention is to provide a method for detecting the secondary packaging of an application installation package, which can effectively ensure the security of the data of the user and the live server.
  • the technical solution adopted by the present invention includes:
  • the live broadcast APP sends a video stream address request containing the live APP signature value to the live broadcast server;
  • the live server compares the live APP signature value it has stored with the live APP signature value in the video stream address request. If they are the same, the video stream address is returned to the live broadcast APP. If they are not the same, the live broadcast APP is prohibited from accessing the live server.
  • when the live broadcast APP obtains the video stream address from the live broadcast server, the live broadcast APP also sends the verification information to the live broadcast server, and the verification information includes the token value obtained when the live APP logs in to the live broadcast server, and the user requests to watch the live broadcast.
  • the live server splices all the values in the received verification information and the live APP signature value stored by the live server itself and uses the MD5 algorithm to generate a KEY value;
  • the live broadcast APP splices all the values in the verification information and the obtained live APP signature value and uses the MD5 algorithm to generate a KEY value, and sends the generated KEY value to the live server;
  • the live server compares the generated KEY value with the received KEY value. If they are the same, the video stream address is returned to the live broadcast application. If not, the live APP is prohibited from accessing the live broadcast server.
  • the video stream address authentication module file of the live broadcast APP is written in C language or C++ language.
  • the present invention also provides a storage medium having stored thereon a computer program that, when executed by a processor, implements the method described above.
  • the present invention also provides an apparatus for detecting secondary packaging of an application installation package, comprising a memory and a processor, wherein the memory stores a computer program running on the processor, and the processor executes the computer program to implement the above-mentioned method.
  • the invention also provides a system for detecting secondary packaging of an application installation package, comprising:
  • a writing module configured to write a function for acquiring a live APP signature in a video stream address authentication module file of the live APP
  • an obtaining module configured to, when the live broadcast APP obtains the video stream address from the live broadcast server, obtain the live APP signature by using the signature-obtaining function written in the video stream address authentication module file, and then obtain a live APP signature value according to the live APP signature;
  • a transmission module configured to enable the live broadcast APP to send a video stream address request containing a live APP signature value to the live broadcast server;
  • a judging module configured to enable the live broadcast server to compare the live APP signature value stored by the live broadcast server with the live APP signature value in the video stream address request, and, if they are the same, return the video stream address to the live broadcast APP, or, if they are not the same, prohibit the live APP from accessing the live server.
  • the transmission module is further configured to send the verification information to the live broadcast server, where the verification information includes the token value obtained when the live APP logs in to the live broadcast server, the room number of the live broadcast room that the user requests to watch, the ID number of the device where the live APP is located, a random number obtained when the live APP logs in to the live server, the current system time of the device where the live APP is located, and the network IP address of the live APP.
  • the present invention has the following advantages: the function for obtaining the signature of the live APP is written in the video stream address authentication module file of the live APP, and each time the live APP obtains the video stream address from the live server, the obtained live APP signature value is added to the video stream address request, and the live server compares the signature value sent by the live broadcast APP with the signature value of the live broadcast APP saved in the live server. If they are not the same, the live broadcast APP is prohibited from accessing the live server,
  • which ensures that users download the genuine live broadcast APP from official channels and effectively ensures the security of user and live server data.
  • FIG. 1 is a flowchart of a method for detecting secondary packaging of an application installation package according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of an apparatus for detecting secondary packaging of an application installation package according to an embodiment of the present invention.
  • an embodiment of the present invention provides a method for detecting secondary packaging of an application installation package, which is applicable to the Android platform and is used to detect whether a live broadcast APP has been repackaged and to prevent a repackaged live broadcast APP from
  • accessing the live server, which effectively protects the interests and privacy of live broadcast vendors and users.
  • the method for detecting the secondary packaging of the application installation package in the embodiment of the present invention specifically includes:
  • S1 Write a function for obtaining a live APP signature in the video stream address authentication module file of the live APP.
  • the module file, that is, the SO file, is a common kind of file.
  • the module file is usually written in C language or C++ language and is not easily analyzed by illegal personnel, so its security is higher than that of code written in the Java language.
  • writing the function for obtaining the signature of the live APP into the module file increases the security of the function logic; that is, the video stream address authentication module file of the live APP is also written in C language or C++ language.
  • in the live broadcast APP there are a plurality of module files, such as a module file of video decoding, a module file of a map, a module file of a network program, a module file of a beauty module, and the like.
  • the function for obtaining the live broadcast APP signature is written into the module file of the video stream address authentication.
  • when the live APP initiates a video stream address acquisition request to the live server, the request is completed by the video stream address authentication module file.
  • S201 Obtain an information management object PackageManager of the live APP.
  • the Android system provides a PackageManager management class whose main role is to manage application packages; through the PackageManager, information about the application can be obtained.
  • the corresponding code is:
  • jobject packageManagerObj = (*env)->CallObjectMethod(env, mContext,
  • packageManagerObj is the instance of the management class PackageManager of the live APP that needs to be obtained.
  • jstring name_str = static_cast<jstring>(env->CallObjectMethod(thiz, methodID_packagename));
  • jobject package_info = env->CallObjectMethod(package_manager, methodID_pm, name_str, 64); // flag 64 is PackageManager.GET_SIGNATURES; env->NewStringUTF("com.example.contasdf)
  • jclass pi_clazz = env->GetObjectClass(package_info);
  • jfieldID fieldID_signatures = env->GetFieldID(pi_clazz,
  • jobject signatur = env->GetObjectField(package_info, fieldID_signatures);
  • jobjectArray signatures = reinterpret_cast<jobjectArray>(signatur);
  • jobject signature_obj = env->GetObjectArrayElement(signatures, 0);
  • signature_obj is the signature object of the live APP that needs to be acquired.
  • jstring str = static_cast<jstring>(env->CallObjectMethod(signature_obj, string_id));
  • the signature object is converted into the final signature string csignature.
  • the live APP signature is obtained, and the live APP signature value is obtained according to the live APP signature.
  • the live broadcast APP sends a video stream address request containing the live APP signature value to the live broadcast server. That is, the video stream address request sent by the live APP to the live server contains the obtained live APP signature value information.
  • the live server compares the stored live APP signature value with the live APP signature value in the video stream address request. If they are the same, the current live APP installation package has not been repackaged, and the live server returns the video stream address to the live APP. If they are not the same, the current live APP has been repackaged, and the live broadcast APP is prohibited from accessing the live broadcast server. In this case, the user can also recognize that the live broadcast APP currently in use is not the official one and has been prohibited from accessing the live server; the user then uninstalls it and downloads the genuine live broadcast APP from the official channel, which effectively guarantees the security of the user data and protects the reputation of the live broadcast vendor.
  • the live APP signature value is saved in the live broadcast server, and the signature value of the live broadcast APP changes after it is repackaged.
  • the live broadcast APP signature value can therefore be compared with the stored live APP signature value to determine whether the live APP has been repackaged.
  • each time the live broadcast APP initiates a video stream address request to the live server, it needs to send the live APP signature value to the live server for verification. That is, the live APP signature value is sent with every video stream address request and is verified multiple times, which effectively ensures that the live APP used by the user has not been repackaged.
  • when the live broadcast APP obtains the video stream address from the live broadcast server, the live broadcast APP also sends the verification information to the live broadcast server, and the verification information includes the token value (login token) obtained when the live APP logs in to the live broadcast server, and the user request.
  • the video stream address request includes the above verification information, and the live server then splices all the values in the received verification information and the live APP signature value stored by the live server itself and uses the MD5 (Message-Digest Algorithm 5) algorithm to generate a KEY value (key).
  • the live APP likewise splices all the values in the verification information and the obtained live APP signature value, generates a KEY value by using the MD5 algorithm, and sends the generated KEY value to the live server. The live server compares the KEY value it generated itself with the received KEY value. If they are the same, the video stream address is returned to the live APP; if they are not the same, the live APP is prohibited from accessing the live server.
  • Video_Key = MD5.CreateMd5(Token + room number + device ID number + random number + Time + IP + csignature);
  • Video_Key is the calculated KEY value
  • csignature is the live APP signature value
  • Time is the current system time of the device where the live APP is located
  • IP is the network IP address of the live APP.
  • the signature value and the verification information of the live broadcast APP are jointly verified by the KEY value generated by the MD5 algorithm, and the token value is used as a part of the calculation of the KEY value to ensure that the user must log in before pulling the video stream address, which raises the verification threshold and ensures the accuracy of verification.
  • the token is an identifier, that is, a long string, that the live broadcast server returns after the live APP logs in to the live broadcast server.
  • the live broadcast APP must first log in to the live broadcast server to obtain the token value. The verification process.
  • the principle of the method for detecting the secondary packaging of the application installation package of the present invention is that the function for acquiring the signature of the live APP is written in the video stream address authentication module file of the live APP; writing the acquisition function into the core module prevents illegal personnel from reverse-analyzing and cracking the function that obtains the signature of the live APP.
  • the obtained live APP signature value is added to the video stream address request, and the live server compares the signature value sent by the live APP with the signature value of the live APP saved in the live server to determine whether the live APP has been repackaged. If they are the same, the video stream address is returned to the live APP. If they are not the same, the live APP is prohibited from accessing the live server.
  • prohibiting access to the live server prompts the user to uninstall the repackaged live APP, because the repackaged live APP cannot be used normally; this is equivalent to reminding the user to download the genuine live APP from the official channel, which effectively guarantees the security of user and live server data.
  • the present invention further provides a storage medium on which a computer program is stored; when the computer program is executed by the processor, the steps of the method for detecting secondary packaging of an application installation package described in each embodiment are implemented.
  • the storage medium includes media that can store program code, such as a U disk, a mobile hard disk, a ROM (Read-Only Memory), a RAM (Random Access Memory), a magnetic disk, or an optical disk, and the like.
  • the present invention further provides a device for detecting secondary packaging of an application installation package, including a memory and a processor, where the memory stores a computer program that runs on the processor; when the processor executes the computer program, the method for detecting secondary packaging of the application installation package of each of the above embodiments is implemented.
  • the embodiment of the invention further provides a system for detecting the secondary packaging of the application installation package based on the method for detecting the secondary packaging of the application installation package, comprising a writing module, an obtaining module, a transmitting module and a judging module.
  • the writing module is configured to write a function for acquiring a live APP signature in the video stream address authentication module file of the live APP; the obtaining module is configured to, when the live APP obtains the video stream address from the live server, obtain the live APP signature by using the signature-obtaining function written in the video stream address authentication module file, and then obtain the live APP signature value according to the live APP signature;
  • the transmission module is configured to enable the live broadcast APP to send the video stream address request containing the live APP signature value to the live broadcast server;
  • the live broadcast server compares the live APP signature value stored by the live broadcast server with the live APP signature value in the video stream address request. If they are the same, the video stream address is returned to the live broadcast APP. If they are not the same, the live broadcast APP is prohibited from accessing the live broadcast server.
  • the transmission module is further configured to send the verification information to the live broadcast server, where the verification information includes a token value obtained when the live APP logs in to the live broadcast server, the room number of the live broadcast room that the user requests to watch, the ID number of the device where the live APP is located, a random number obtained when the live APP logs in to the live server, the current system time of the device where the live APP is located, and the network IP address of the live APP.
  • each time the live broadcast APP initiates a video stream address request to the live server, it needs to send the live APP signature value to the live server for verification.
  • the principle of the system for detecting the secondary packaging of the application installation package in the embodiment of the present invention is that the writing module writes the function for acquiring the signature of the live APP in the video stream address authentication module file of the live APP; each time the live APP obtains the video stream address from the live server, the obtained live APP signature value is added to the video stream address request, and the live broadcast server compares the signature value sent by the live broadcast APP with the signature value of the live broadcast APP saved in the live broadcast server to determine whether the live broadcast APP has been repackaged. If they are the same, the video stream address is returned to the live broadcast APP. If they are not the same, the live broadcast APP is prohibited from accessing the live broadcast server, thereby effectively ensuring the security of the user and the live broadcast server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

A method for detecting secondary packaging of an application installation package, relating to the field of information processing. The method comprises: write, in a video stream address authentication module file of a live broadcast APP, a function for obtaining a live broadcast APP signature (S1); when the live broadcast APP obtains a video stream address from a live broadcast server, obtain the live broadcast APP signature by means of the function, written in the video stream address authentication module file, for obtaining the signature, and then obtain a live broadcast APP signature value according to the live broadcast APP signature (S2); the live broadcast APP sends to the live broadcast server a video stream address request containing the live broadcast APP signature value (S3); the live broadcast server compares the live broadcast APP signature value stored therein with the live broadcast APP signature value in the video stream address request, if the two are the same, returns the video stream address to the live broadcast APP, and if the two are different, forbids the live broadcast APP to access the live broadcast server (S4). By means of the method, the security of user data can be effectively ensured.

Description

Method, storage medium, device and system for detecting secondary packaging of an application installation package
Technical field
The present invention relates to the field of information processing, and in particular to a method, a storage medium, a device and a system for detecting secondary packaging of an application installation package.
Background art
At present, with the growing popularity of mobile devices, there are more and more mobile applications. More and more people use live broadcast APPs to watch live broadcasts, and the installation rate of live APPs on user devices keeps rising. However, on the Android operating system platform, some illegal personnel or illegal industry chains repackage the live APP of a live broadcast platform, that is, they implant malicious code or programs into the live APP installation package downloaded from the official channel to produce a secondary package, and then place the repackaged live APP installation package on other websites or illegal application stores for users to download. The repackaged live APP is eventually installed on the user's device, where the implanted malicious programs can carry out malicious fee deductions, pop up advertisements, secretly download and install other APPs on the user's mobile phone, spy on and collect the user's private information, and so on, which greatly endangers the security of user devices and harms the interests of users and live broadcast vendors.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a method for detecting secondary packaging of an application installation package, which can effectively ensure the security of user and live server data.
To achieve the above object, the technical solution adopted by the present invention includes:
S1: writing a function for obtaining the live APP signature into the video stream address authentication module file of the live APP;
S2: when the live APP obtains the video stream address from the live server, obtaining the live APP signature through the signature-obtaining function written in the video stream address authentication module file, and then obtaining the live APP signature value according to the live APP signature;
S3: the live APP sends a video stream address request containing the live APP signature value to the live server;
S4: the live server compares the live APP signature value it has stored with the live APP signature value in the video stream address request; if they are the same, it returns the video stream address to the live APP; if they are not the same, it prohibits the live APP from accessing the live server.
On the basis of the above technical solution, when the live APP obtains the video stream address from the live server, the live APP also sends verification information to the live server. The verification information includes the token value obtained when the live APP logs in to the live server, the room number of the live room that the user requests to watch, the ID number of the device where the live APP is located, a random number obtained when the live APP logs in to the live server, the current system time of the device where the live APP is located, and the network IP address of the live APP.
On the basis of the above technical solution, the live server splices all the values in the received verification information and the live APP signature value stored by the live server itself and uses the MD5 algorithm to generate a KEY value;
the live APP splices all the values in the verification information and the obtained live APP signature value and uses the MD5 algorithm to generate a KEY value, and sends the generated KEY value to the live server;
the live server compares the KEY value it generated itself with the received KEY value; if they are the same, it returns the video stream address to the live APP; if they are not the same, it prohibits the live APP from accessing the live server.
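The KEY comparison described above, written out as an added Python example (not code from the patent): the server recomputes the KEY from the received verification information and its own stored signature value, so a client built with a different signature fails the comparison. The field names, sample values, the constant-time comparison and the length-prefixed variant `video_key_framed` are assumptions of this example; the variant shows that plain splicing does not record where one field ends and the next begins.

```python
"""Server-side KEY check following the page's Video_Key formula.

Added example with constructed values; not code from the patent.
"""
import hashlib
import hmac
from dataclasses import astuple, dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class VerificationInfo:
    # Field order follows the page's formula:
    # Token + room number + device ID number + random number + Time + IP
    token: str
    room_number: str
    device_id: str
    random_number: str
    time: str
    ip: str


def video_key(info: VerificationInfo, csignature: str) -> str:
    """Video_Key = MD5(Token+room+device ID+random+Time+IP+csignature)."""
    spliced = "".join(astuple(info)) + csignature
    return hashlib.md5(spliced.encode("utf-8")).hexdigest()


def video_key_framed(info: VerificationInfo, csignature: str) -> str:
    """Variant (assumption, not in the patent): length-prefix every field so
    the position of each field boundary is part of the hashed input."""
    digest = hashlib.md5()
    for field in (*astuple(info), csignature):
        raw = field.encode("utf-8")
        digest.update(len(raw).to_bytes(4, "big") + raw)
    return digest.hexdigest()


def authorize(
    info: VerificationInfo,
    received_key: str,
    stored_csignature: str,
    stream_address: str,
    key_fn: Callable[[VerificationInfo, str], str] = video_key,
) -> Optional[str]:
    """Return the stream address when the KEY values match, otherwise None
    (the live APP is refused)."""
    expected = key_fn(info, stored_csignature)
    received = received_key.strip().lower()
    # Constant-time comparison of the two hex digests.
    if hmac.compare_digest(expected.encode("ascii"), received.encode("utf-8")):
        return stream_address
    return None


# Constructed sample values (placeholders, not taken from the page).
OFFICIAL_SIG = "3082025f-official-signature-constructed"
REPACKAGED_SIG = "30820311-other-signature-constructed"
STREAM_ADDRESS = "rtmp://stream.example.invalid/live/9527"


def demo() -> dict:
    info = VerificationInfo(
        "tok-7f3a", "9527", "dev-001", "482913", "1513756800", "203.0.113.7"
    )
    # Same values, but the room/device boundary moved two characters left.
    shifted = VerificationInfo(
        "tok-7f3a", "95", "27dev-001", "482913", "1513756800", "203.0.113.7"
    )
    genuine_key = video_key(info, OFFICIAL_SIG)       # computed by the official APP
    repackaged_key = video_key(info, REPACKAGED_SIG)  # computed by a re-signed APP
    return {
        "genuine": authorize(info, genuine_key, OFFICIAL_SIG, STREAM_ADDRESS),
        "repackaged": authorize(info, repackaged_key, OFFICIAL_SIG, STREAM_ADDRESS),
        "plain_splice_same_key": video_key(info, OFFICIAL_SIG)
        == video_key(shifted, OFFICIAL_SIG),
        "framed_same_key": video_key_framed(info, OFFICIAL_SIG)
        == video_key_framed(shifted, OFFICIAL_SIG),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
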
On the basis of the above technical solution, each time the live APP initiates a video stream address request to the live server, it needs to send the live APP signature value to the live server for verification.
On the basis of the above technical solution, the video stream address authentication module file of the live APP is written in C language or C++ language.
The present invention also provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, the method described above is implemented.
The present invention also provides a device for detecting secondary packaging of an application installation package, comprising a memory and a processor, wherein the memory stores a computer program that runs on the processor, and the processor implements the method described above when executing the computer program.
The present invention also provides a system for detecting secondary packaging of an application installation package, comprising:
a writing module, configured to write a function for obtaining the live APP signature into the video stream address authentication module file of the live APP;
an obtaining module, configured to, when the live APP obtains the video stream address from the live server, obtain the live APP signature through the signature-obtaining function written in the video stream address authentication module file, and then obtain the live APP signature value according to the live APP signature;
a transmission module, configured to enable the live APP to send a video stream address request containing the live APP signature value to the live server;
a judging module, configured to enable the live server to compare the live APP signature value it has stored with the live APP signature value in the video stream address request, and, if they are the same, return the video stream address to the live APP, or, if they are not the same, prohibit the live APP from accessing the live server.
在上述技术方案的基础上,当直播APP向直播服务器获取视频流地址时,所述传输模块还用于将验证信息发送至直播服务器,所述验证信息包括直播APP登录直播服务器获得的token值、用户请求观看直播间的房间号、直播APP所在设备的ID号、直播APP登录直播服务器获得的一随机数、直播APP所在设备的当前系统时间以及 直播APP的网络IP地址。On the basis of the foregoing technical solution, when the live broadcast APP obtains the video stream address from the live broadcast server, the transmission module is further configured to send the verification information to the live broadcast server, where the verification information includes the token value obtained by the live APP login to the live broadcast server, The user requests to view the room number of the live broadcast room, the ID number of the device where the live APP is located, a random number obtained by the live APP login to the live server, the current system time of the device where the live APP is located, and the network IP address of the live APP.
在上述技术方案的基础上,直播APP每次向直播服务器发起视频流地址请求时,均需发送直播APP签名值至直播服务器进行验证。On the basis of the foregoing technical solution, each time the live broadcast APP initiates a video stream address request to the live server, it needs to send the live APP signature value to the live server for verification.
与现有技术相比,本发明的优点在于:在直播APP的视频流地址鉴权模块文件中写入用于获取直播APP签名的功能,每次当直播APP向直播服务器获取视频流地址时,均在视频流地址请求中加入获取的直播APP签名值,直播服务器对直播APP发送过来的签名值和直播服务器中保存的直播APP的签名值进行比对,若不相同则禁止直播APP对直播服务器的访问,确保用户从官方渠道下载正版的直播APP使用,有效保证用户和直播服务器数据的安全。Compared with the prior art, the present invention has the following advantages: the function for obtaining the signature of the live APP is written in the video stream address authentication module file of the live APP, and each time the live APP obtains the video stream address from the live server, The live broadcast APP signature value is added to the video stream address request, and the live server compares the signature value sent by the live broadcast application with the signature value of the live broadcast APP saved in the live server. If not, the live broadcast APP is prohibited. The access ensures that users download genuine live broadcast apps from official channels to effectively ensure the security of users and live server data.
Brief description of the drawings
FIG. 1 is a flowchart of a method for detecting secondary packaging of an application installation package according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a device for detecting secondary packaging of an application installation package according to an embodiment of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings and embodiments.
Referring to FIG. 1, an embodiment of the present invention provides a method for detecting secondary packaging of an application installation package. The method is applicable to the Android platform: it detects whether a live APP has undergone secondary packaging and blocks a repackaged live APP from accessing the live server, which effectively protects the interests and privacy of live streaming vendors and users. The method for detecting secondary packaging of an application installation package in this embodiment specifically includes:
S1: Write a function for obtaining the live APP signature into the video stream address authentication module file of the live APP. In the Android system, a module file, i.e. an SO file, is a common kind of file. Module files are usually written in C or C++ and are not easy for unauthorized persons to reverse engineer, so they are more secure than Java code. Writing the function that obtains the live APP signature into a module file therefore increases the security of that logic; that is, the video stream address authentication module file of the live APP is also written in C or C++. A live APP contains multiple module files, such as the module files for video decoding, for maps, for network programs, for the beauty filter module, and so on. In this embodiment, the function for obtaining the live APP signature is written into the module file for video stream address authentication, and when the live APP initiates a video stream address request to the live server, the request is completed through the video stream address authentication module file.
S2: When the live APP requests a video stream address from the live server, obtain the live APP signature through the signature-obtaining function written into the video stream address authentication module file, and then derive the live APP signature value from the live APP signature. Every time the user watches a live room in the live APP, the live APP must send a request for the video stream address to the live server. The process of obtaining the live APP signature through the signature-obtaining function written into the video stream address authentication module file is specifically:
S201: Obtain the information management object PackageManager of the live APP. The Android system provides a PackageManager management class whose main role is to manage application packages; through PackageManager, information about an application can be obtained. To obtain the information management object PackageManager, the corresponding code is:
    /* contextObj must be the jclass of the Context; mContext is the Context instance. */
    jmethodID packageManagerMethod = (*env)->GetMethodID(env, contextObj,
        "getPackageManager",
        "()Landroid/content/pm/PackageManager;");
Then call the getPackageManager method provided by the Android system:
    jobject packageManagerObj = (*env)->CallObjectMethod(env, mContext,
        packageManagerMethod);
This yields the concrete PackageManager object packageManagerObj, which is the instance of the live APP's management class PackageManager that we need to obtain.
S102: Obtain getPackageInfo, the method that returns the detailed information of the live APP. The corresponding implementation code is:
    jmethodID methodID_pm = env->GetMethodID(pm_clazz,
        "getPackageInfo",
        "(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;");
S103: Obtain the package name of the live APP. The corresponding implementation code is:
    jmethodID methodID_packagename
        = env->GetMethodID(native_clazz, "getPackageName",
        "()Ljava/lang/String;");
    jstring name_str = static_cast<jstring>(env->CallObjectMethod(thiz, methodID_packagename));
S104: Obtain the package information of the live APP. The corresponding implementation code is:
    // 64 is the value of PackageManager.GET_SIGNATURES
    jobject package_info = env->CallObjectMethod(package_manager, methodID_pm, name_str, 64); // env->NewStringUTF("com.example.contasdf")
S105: Obtain the PackageInfo class of the package information object. The corresponding implementation code is:
    jclass pi_clazz = env->GetObjectClass(package_info);
S106: Obtain the ID of the signature field of the live APP. The corresponding implementation code is:
    jfieldID fieldID_signatures = env->GetFieldID(pi_clazz,
        "signatures", "[Landroid/content/pm/Signature;");
S107: Obtain the signature object of the live APP. The corresponding implementation code is:
    jobject signatur = env->GetObjectField(package_info, fieldID_signatures);
    jobjectArray signatures = reinterpret_cast<jobjectArray>(signatur);
    jobject signature_obj = env->GetObjectArrayElement(signatures, 0);
Here, signature_obj is the signature object of the live APP that needs to be obtained.
S108: Obtain the signature string of the live APP. The corresponding implementation code is:
    jclass signature_clazz = env->GetObjectClass(signature_obj);
Then, from the signature class, obtain the toCharsString method. The corresponding implementation code is:
    jmethodID string_id = env->GetMethodID(signature_clazz, "toCharsString", "()Ljava/lang/String;");
Then convert the signature object into a string. The corresponding implementation code is:
    jstring str = static_cast<jstring>(env->CallObjectMethod(signature_obj, string_id));
    char *csignature = (char *)env->GetStringUTFChars(str, 0);
This finally converts the signature object into the final signature string csignature.
At this point the live APP signature has been obtained, and the live APP signature value is derived from the live APP signature.
S3: The live APP sends a video stream address request containing the live APP signature value to the live server. That is, the video stream address request that the live APP sends to the live server contains the obtained live APP signature value.
S4: The live server compares the live APP signature value it has stored with the live APP signature value in the video stream address request. If they are the same, the installation package of the current live APP has not undergone secondary packaging, and the live server returns the video stream address to the live APP. If they differ, the installation package of the current live APP has undergone secondary packaging, and the live APP is denied access to the live server. The user can then also recognize that the live APP in use is unofficial and has been denied access by the live server, uninstall it, and download the genuine live APP from the official channel, which effectively protects the security of user data and also protects the reputation of the live streaming vendor.
When development of the live APP is complete, the live APP signature value is saved on the live server. The signature value of a live APP that has undergone secondary packaging changes, so the live server can compare the live APP signature value it receives with the live APP signature value it has stored and thereby determine whether the live APP has undergone secondary packaging.
Each time the live APP initiates a video stream address request to the live server, it must send the live APP signature value to the live server for verification. That is, because the live APP signature value is sent with every video stream address request, it is verified many times, which effectively ensures that the live APP the user is using has not undergone secondary packaging.
In one embodiment, when the live APP requests a video stream address from the live server, the live APP also sends verification information to the live server. The verification information includes the token value (login token) obtained when the live APP logs in to the live server, the room number of the live room the user requests to watch, the ID number of the device on which the live APP runs, a random number obtained when the live APP logs in to the live server, the current system time of the device on which the live APP runs, and the network IP address of the live APP; that is, the video stream address request that the live APP sends to the live server also contains this verification information. The live server then concatenates all values in the received verification information with the live APP signature value stored on the live server and applies the MD5 (Message-Digest Algorithm 5) algorithm to generate a KEY value (key). The live APP likewise concatenates all values in the verification information with the live APP signature value it obtained, applies the MD5 algorithm to generate a KEY value, and sends the generated KEY value to the live server. The live server compares the KEY value it generated with the received KEY value; if they are the same, it returns the video stream address to the live APP, and if they differ, it denies the live APP access to the live server.
The KEY value is calculated with the MD5 algorithm as follows:
    Video_Key = MD5.CreateMd5(Token + room number + device ID number + random number + Time + IP + csignature);
Here, Video_Key is the calculated KEY value, csignature is the live APP signature value, Time is the current system time of the device on which the live APP runs, and IP is the network IP address of the live APP.
To verify whether the live APP has undergone secondary packaging, the KEY value generated by concatenating the live APP signature value and the verification information and applying the MD5 algorithm is used for verification. Making the token value part of the KEY calculation ensures that the user must log in before pulling a video stream address, which raises the bar for verification and ensures its accuracy. The token value is the identifier, a long string, that the live server returns to the live APP after the live APP logs in to the live server. It ensures that the user's live APP must first log in to the live server and obtain the token value before the subsequent check for secondary packaging can proceed.
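The KEY exchange described above, as an added example that is not code from the patent: both sides hash the fields in the order of the Video_Key formula, and the server substitutes the signature value it stored at release. The session table, field names, sample signature strings and stream URLs are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values (not real certificates, tokens or URLs).
OFFICIAL_CSIGNATURE = "3082030d308201f5a00302010202044e1f2a7b"    # stored by the server at release
REPACKAGED_CSIGNATURE = "308202c1308201a9a00302010202045b9c0d11"  # what a re-signed APK would report
SESSIONS = {"tok-7f3a9c": "918273"}  # assumption: token -> random number issued at login
STREAM_URLS = {
    "10086": "rtmp://stream.example.invalid/live/10086",
    "10010": "rtmp://stream.example.invalid/live/10010",
}


def video_key(token, room, device_id, nonce, time, ip, csignature):
    """KEY = MD5(Token + room number + device ID + random number + Time + IP + csignature)."""
    joined = token + room + device_id + nonce + time + ip + csignature
    return hashlib.md5(joined.encode("utf-8")).hexdigest()


def build_request(token, room, device_id, nonce, time, ip, app_csignature):
    """Client side: verification fields plus the KEY computed from the
    signature string the native module read through PackageManager."""
    fields = {"token": token, "room": room, "device_id": device_id,
              "nonce": nonce, "time": time, "ip": ip}
    return {**fields, "key": video_key(csignature=app_csignature, **fields)}


def authorize(request, stored_csignature=OFFICIAL_CSIGNATURE):
    """Server side: return the stream URL, or None to deny access."""
    # Assumption of this example: the token and random number must be the
    # pair the server issued when the app logged in.
    issued = SESSIONS.get(request["token"])
    if issued is None or issued != request["nonce"]:
        return None
    # Recompute the KEY from the received fields and the STORED signature.
    expected = video_key(request["token"], request["room"], request["device_id"],
                         request["nonce"], request["time"], request["ip"],
                         stored_csignature)
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(expected.encode(), str(request["key"]).encode()):
        return None
    return STREAM_URLS.get(request["room"])


def demo():
    """Run three constructed requests through the server-side check."""
    common = ("tok-7f3a9c", "10086", "dev-a1b2c3", "918273", "1513728000", "203.0.113.7")
    official = build_request(*common, OFFICIAL_CSIGNATURE)
    repackaged = build_request(*common, REPACKAGED_CSIGNATURE)
    tampered = dict(official, room="10010")  # field changed after the KEY was computed
    cases = (("official", official), ("repackaged", repackaged), ("tampered", tampered))
    return {name: authorize(req) for name, req in cases}


if __name__ == "__main__":
    for name, url in demo().items():
        print(name, "->", url or "denied")
```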
The principle of the method of the present invention for detecting secondary packaging of an application installation package is as follows. A function for obtaining the live APP signature is written into the video stream address authentication module file of the live APP; that is, the obtaining function is written into a core module, which prevents unauthorized persons from reverse engineering the live APP signature logic and defeating the function. Every time the live APP requests a video stream address from the live server, the obtained live APP signature value is added to the video stream address request. The live server compares the signature value sent by the live APP with the live APP signature value saved on the live server and on that basis determines whether the live APP has undergone secondary packaging. If the values are the same, the video stream address is returned to the live APP; if they differ, the live APP is denied access to the live server. This prompts the user to uninstall the repackaged live APP, because a repackaged live APP cannot be used normally, which amounts to reminding the user to download and use the genuine live APP from the official channel, and effectively protects the security of user and live server data.
In addition, corresponding to the above method for detecting secondary packaging of an application installation package, the present invention further provides a storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the method for detecting secondary packaging of an application installation package described in the above embodiments. It should be noted that the storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a ROM (Read-Only Memory), a RAM (Random Access Memory), a magnetic disk, or an optical disc.
Referring to FIG. 2, corresponding to the above method for detecting secondary packaging of an application installation package, the present invention further provides a device for detecting secondary packaging of an application installation package, comprising a memory and a processor, the memory storing a computer program that runs on the processor; when the processor executes the computer program, it implements the method for detecting secondary packaging of an application installation package of the above embodiments.
An embodiment of the present invention further provides a system for detecting secondary packaging of an application installation package, based on the above method, comprising a writing module, an obtaining module, a transmission module and a judging module.
The writing module is configured to write a function for obtaining the live APP signature into the video stream address authentication module file of the live APP. The obtaining module is configured to, when the live APP requests a video stream address from the live server, obtain the live APP signature through the signature-obtaining function written into the video stream address authentication module file, and then derive the live APP signature value from the live APP signature. The transmission module is configured to make the live APP send a video stream address request containing the live APP signature value to the live server. The judging module is configured to make the live server compare the live APP signature value it has stored with the live APP signature value in the video stream address request; if they are the same, the video stream address is returned to the live APP, and if they differ, the live APP is denied access to the live server.
When the live APP requests a video stream address from the live server, the transmission module is further configured to send verification information to the live server. The verification information includes the token value obtained when the live APP logs in to the live server, the room number of the live room the user requests to watch, the ID number of the device on which the live APP runs, a random number obtained when the live APP logs in to the live server, the current system time of the device on which the live APP runs, and the network IP address of the live APP. Each time the live APP initiates a video stream address request to the live server, it must send the live APP signature value to the live server for verification.
The principle of the system for detecting secondary packaging of an application installation package in this embodiment is as follows. The writing module writes a function for obtaining the live APP signature into the video stream address authentication module file of the live APP. Every time the live APP requests a video stream address from the live server, the obtained live APP signature value is added to the video stream address request. Through the judging module, the live server compares the signature value sent by the live APP with the live APP signature value saved on the live server and on that basis determines whether the live APP has undergone secondary packaging. If the values are the same, the video stream address is returned to the live APP; if they differ, the live APP is denied access to the live server, which effectively protects the security of user and live server data.
The present invention is not limited to the above embodiments. A person of ordinary skill in the art can make several improvements and refinements without departing from the principle of the present invention, and these improvements and refinements are also regarded as falling within the scope of protection of the present invention. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.

Claims (10)

  1. A method for detecting secondary packaging of an application installation package, applicable to the Android platform, characterized by comprising:
    S1: writing a function for obtaining the live APP signature into the video stream address authentication module file of the live APP;
    S2: when the live APP requests a video stream address from the live server, obtaining the live APP signature through the signature-obtaining function written into the video stream address authentication module file, and then deriving the live APP signature value from the live APP signature;
    S3: the live APP sending a video stream address request containing the live APP signature value to the live server;
    S4: the live server comparing the live APP signature value it has stored with the live APP signature value in the video stream address request; if they are the same, returning the video stream address to the live APP, and if they differ, denying the live APP access to the live server.
  2. The method for detecting secondary packaging of an application installation package according to claim 1, characterized in that: when the live APP requests a video stream address from the live server, the live APP also sends verification information to the live server, the verification information including the token value obtained when the live APP logs in to the live server, the room number of the live room the user requests to watch, the ID number of the device on which the live APP runs, a random number obtained when the live APP logs in to the live server, the current system time of the device on which the live APP runs, and the network IP address of the live APP.
  3. The method for detecting secondary packaging of an application installation package according to claim 2, characterized in that:
    the live server concatenates all values in the received verification information with the live APP signature value stored on the live server and applies the MD5 algorithm to generate a KEY value;
    the live APP concatenates all values in the verification information with the obtained live APP signature value, applies the MD5 algorithm to generate a KEY value, and sends the generated KEY value to the live server;
    the live server compares the KEY value it generated with the received KEY value; if they are the same, it returns the video stream address to the live APP, and if they differ, it denies the live APP access to the live server.
  4. The method for detecting secondary packaging of an application installation package according to claim 1, characterized in that: each time the live APP initiates a video stream address request to the live server, it must send the live APP signature value to the live server for verification.
  5. The method for detecting secondary packaging of an application installation package according to claim 1, characterized in that: the video stream address authentication module file of the live APP is written in C or C++.
  6. A storage medium on which a computer program is stored, characterized in that: when executed by a processor, the computer program implements the method of any one of claims 1 to 5.
  7. A device for detecting secondary packaging of an application installation package, comprising a memory and a processor, the memory storing a computer program that runs on the processor, characterized in that: when the processor executes the computer program, it implements the method of any one of claims 1 to 5.
  8. A system for detecting secondary packaging of an application installation package, characterized by comprising:
    a writing module, configured to write a function for obtaining the live APP signature into the video stream address authentication module file of the live APP;
    an obtaining module, configured to, when the live APP requests a video stream address from the live server, obtain the live APP signature through the signature-obtaining function written into the video stream address authentication module file, and then derive the live APP signature value from the live APP signature;
    a transmission module, configured to make the live APP send a video stream address request containing the live APP signature value to the live server;
    a judging module, configured to make the live server compare the live APP signature value it has stored with the live APP signature value in the video stream address request; if they are the same, the video stream address is returned to the live APP, and if they differ, the live APP is denied access to the live server.
  9. The system for detecting secondary packaging of an application installation package according to claim 8, characterized in that: when the live APP requests a video stream address from the live server, the transmission module is further configured to send verification information to the live server, the verification information including the token value obtained when the live APP logs in to the live server, the room number of the live room the user requests to watch, the ID number of the device on which the live APP runs, a random number obtained when the live APP logs in to the live server, the current system time of the device on which the live APP runs, and the network IP address of the live APP.
  10. The system for detecting secondary packaging of an application installation package according to claim 8, characterized in that: each time the live APP initiates a video stream address request to the live server, it must send the live APP signature value to the live server for verification.
PCT/CN2017/117376 2017-10-10 2017-12-20 Method for detecting secondary packaging of application installation package, storage medium, device, and system WO2019071828A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710935291.7A CN107809672A (en) 2017-10-10 2017-10-10 Detect method, storage medium, equipment and the system of the secondary packing of application installation package
CN201710935291.7 2017-10-10

Publications (1)

Publication Number Publication Date
WO2019071828A1 (en) 2019-04-18

Family

ID=61584048

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/117376 WO2019071828A1 (en) 2017-10-10 2017-12-20 Method for detecting secondary packaging of application installation package, storage medium, device, and system

Country Status (2)

Country Link
CN (1) CN107809672A (en)
WO (1) WO2019071828A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109639803B (en) * 2018-12-18 2021-12-03 郑州云海信息技术有限公司 Method and system for remotely and automatically deploying server OS (operating system) through BMC (baseboard management controller)
CN112632644A (en) * 2020-12-18 2021-04-09 深圳市安络科技有限公司 Android system-based app screen capture prevention method, device and equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102509047A (en) * 2011-11-09 2012-06-20 北京赛科世纪数码科技有限公司 Method and system for verifying program code in set-top box
CN105378662A (en) * 2013-05-30 2016-03-02 微软技术许可有限责任公司 Bundle package generation
US20160248754A1 (en) * 2013-05-31 2016-08-25 Palo Alto Networks, Inc. Password constraint enforcement used in external site authentication
CN107180170A (en) * 2017-05-09 2017-09-19 深圳海云安网络安全技术有限公司 A kind of Android APP are without shell reinforcement means

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721903B (en) * 2014-12-26 2017-12-12 乐视网信息技术(北京)股份有限公司 The online method and system for playing video
CN105915494A (en) * 2015-12-07 2016-08-31 乐视云计算有限公司 Anti-stealing-link method and system
CN105657474B (en) * 2016-02-19 2019-04-26 微鲸科技有限公司 The anti-stealing link method and system of identity-based signature system are used in Video Applications
CN106993201A (en) * 2017-03-17 2017-07-28 武汉斗鱼网络科技有限公司 The authorization check method and device of video playback

Also Published As

Publication number Publication date
CN107809672A (en) 2018-03-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17928675; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 17928675; Country of ref document: EP; Kind code of ref document: A1)