CN109413414A - A kind of silence based on android system is taken pictures detection method - Google Patents

A kind of silence based on android system is taken pictures detection method Download PDF

Info

Publication number
CN109413414A
CN109413414A CN201811504103.6A CN201811504103A CN109413414A CN 109413414 A CN109413414 A CN 109413414A CN 201811504103 A CN201811504103 A CN 201811504103A CN 109413414 A CN109413414 A CN 109413414A
Authority
CN
China
Prior art keywords
function
taking pictures
pictures
surfaceview
app
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811504103.6A
Other languages
Chinese (zh)
Other versions
CN109413414B (en
Inventor
陈晓宇
华景煜
仲盛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University
Original Assignee
Nanjing University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University filed Critical Nanjing University
Priority to CN201811504103.6A priority Critical patent/CN109413414B/en
Publication of CN109413414A publication Critical patent/CN109413414A/en
Application granted granted Critical
Publication of CN109413414B publication Critical patent/CN109413414B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N17/00Diagnosis, testing or measuring for television systems or their details
    • H04N17/002Diagnosis, testing or measuring for television systems or their details for television cameras
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N23/00Cameras or camera modules comprising electronic image sensors; Control thereof
    • H04N23/60Control of cameras or camera modules
    • H04N23/62Control of parameters via user interfaces

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Studio Devices (AREA)

Abstract

It takes pictures detection method the invention discloses a kind of silence based on android system, including the detection for behavior of taking pictures and for the detection for interface View size of taking pictures;The process of taking pictures found in app, and function of taking pictures is searched in process of taking pictures, it finds after taking pictures function, function and the function of function of taking pictures is called to record taking pictures, and then both flow chart tracking is carried out to the function and function of taking pictures that call function of taking pictures, circulation is to the end, the call flow chart for function of taking pictures thoroughly can all be found, finally only need to judge the handling function of the final click with the presence or absence of user of process;If there is no clicking operation function, continue the detection for interface View size of taking pictures: finding camera preview frame SurfaceView, and judge the size of two attributes of SurfaceView, if two attributes of SurfaceView are less than the threshold value of definition, then judge that the behavior of taking pictures of current app is taken pictures for silence, so that it is further known that current app is malice.

Description

A kind of silence based on android system is taken pictures detection method
Technical field
It takes pictures detection method the present invention relates to a kind of silence based on android system, belongs to technical field of system security.
Background technique
In daily life, the also indispensable key player of performer of the camera on mobile phone, takes pictures, scans two dimension Code, record video or even AR function require to call to camera.Also just so, the upper many app of Android can whereabouts system System applies for the permission of camera to be developed, this accounting has reached 30.75%, and the safety of this camera that just seems is especially heavy It wants.But Android is in the design of the call-by mechanism of camera at present, there is one to be called the silent attack taken pictures, together Sample is also known as spy cameras, that is, malice app is by returning to video camera the live-pictures preview of user The sufficiently small of frame size setting can call camera to go to take pictures in the unwitting situation of user, and malice app is being supervised After hearing that user has clapped photograph using normal app, it is taken pictures using silence and is quickly taken on the sly one, to steal the interior of user's shooting Hold.
This problem all occurred in many attacks before, but did not caused great attention.So far, Android8.0 or less still remains such problems, everybody do not pay attention to be the main reason for this problem, it is believed that just Calculate that will not can obtain using this attack is useful and the information of enough menaces can be played to user.In fact not So, we take the lead in finding, take pictures to attack using silence and attack in conjunction with the RAM leakage that money teacher proposes upper before, can be to mesh Preceding very fiery two dimensional code payment causes very big harm, can directly steal payment cipher of the user on payment platform even Log-on message, this is an attack very serious.
One is paid using the take pictures survey channel attack of attack and memory overflow of silence to steal user after study for we The attack of the payment cipher of platform, the attack of taking pictures of discovery silence is an attack very serious.For this purpose, we are to this attack Comprehensive and systematic analysis is carried out.App popular on 3827 sections of APK.com by inquiry, to wherein real calling camera 241 sections of app are analyzed, and have obtained the sensitive information that silent attack of taking pictures may be stolen, and it was found that by these information, Silence, which is taken pictures, will also cause further to endanger.
And we pass through test discovery, the at present market the Android detection platform of mainstream or the security classes app on mobile phone It all has no idea to detect such attack.
Summary of the invention
Goal of the invention: aiming at the problems existing in the prior art with deficiency, the present invention provides a kind of based on android system Silence is taken pictures detection method.
Technical solution: a kind of silence based on android system is taken pictures detection method, including for behavior of taking pictures detection and For the detection for interface View size of taking pictures;The process of taking pictures found in app, and function of taking pictures is searched in process of taking pictures, It finds after taking pictures function, function and the function of function of taking pictures is called to record taking pictures, and then take pictures function to calling Both function and function of taking pictures carry out flow chart tracking, be recycled to last, it will be able to which the call flow chart for function of taking pictures is thorough Bottom is all found, and finally only needs to judge the handling function of the final click with the presence or absence of user of process;If not point Handling function is hit, the detection for interface View size of taking pictures is continued: finding camera preview frame SurfaceView, and sentences The size of two attributes of disconnected SurfaceView judges if two attributes of SurfaceView are less than the threshold value of definition The behavior of taking pictures of current app is taken pictures for silence, so that it is further known that current app is malice.
The method of the process of taking pictures found in app are as follows: carry out static analysis, tracking using apk of the Soot to app In the Activity of apk, if the signature comprising function of taking pictures just takes pictures calling the letter of function if containing this function The signature of number A is recorded, and then both carries out flow chart tracking to function A and function of taking pictures, and is recycled to finally, just The call flow chart for function of taking pictures thoroughly can all be found, finally only need to judge the final point that whether there is user of process The handling function hit.
The function of taking pictures is the api function takePicture () that Android system provides;On API > 21, some app meetings Replace takePicture () with capture () function, in such cases, the function of taking pictures is capture ().
Detection for interface View size of taking pictures includes the following steps:
1) firstly, it will be understood that in the process of development, developer can be by an initial good SurfaceHolder object SetPreviewDisplay (SurfaceHolder surfaceHolder) is come into, then camera could pass through system StartPreview () function opens the live preview frame of a camera, and then user could execute photographing command, and In Android exploitation, this live preview frame using SurfaceView come realizing, which means that we are tracked by counter SetPreviewDisplay () can be obtained by this SurfaceView object;
It 2) is next exactly the size for finding this SurfaceView after finding this SurfaceView object, It is to have no idea to know size that light, which finds object, we will find the corresponding layout description section of SurfaceView object. Because each interface is in an activity in Android app, this object of SurfaceView is no exception, We can find activity locating for SurfaceView object, utilize the function of layout resource file SetcontentView (R.layout.id) just can obtain the id at interface corresponding to activity, can be by id The specific name of topology file is found in public.xml, because public.xml file is exactly for recording resource id and resource The corresponding file of filename;Using title also activity can be found in the resource folder that apktool is unziped to Corresponding topology file, and the description of the layout of SurfaceView preview pane object is just stored in this activity and corresponds to Topology file in;
3) after having found the SurfaceView for showing photo preview to user, judge set by developer The size of the attribute of two SurfaceView of layout_width and layout_height.
Detailed description of the invention
Fig. 1 is the flow chart that Android takes pictures;
Fig. 2 is that the normal app of Android takes pictures the call flow chart of function;
Fig. 3 is the function flow chart that Android app camera preview frame generates.
Specific embodiment
Combined with specific embodiments below, the present invention is furture elucidated, it should be understood that these embodiments are merely to illustrate the present invention Rather than limit the scope of the invention, after the present invention has been read, those skilled in the art are to various equivalences of the invention The modification of form falls within the application range as defined in the appended claims.
Silence based on android system is taken pictures detection method, including the detection for behavior of taking pictures and for interface of taking pictures The detection of View size.
For the detection for the behavior of taking pictures
As shown in Figure 1, be the flow chart that Android takes pictures, it can be seen from the figure that after opening camera, Android mobile phone, which passes through a SurfaceView first photo preview is shown to user, to be seen, when initiating a bat to camera After request, the initial data photographed will be returned to mobile phone by camera, and waiting is further processed.As shown in Fig. 2, just In normal behavior of taking pictures, this CaptureRequest is often by Client-initiated, and meaning user click, some is taken pictures Button, app just can initiate request of taking pictures to CameraDevice, and among silence is taken pictures, CameraRequest is by malice What app was initiated in the unwitting situation of user, therefore be not have that click is operated.
Therefore, for the detection for the behavior of taking pictures, what we to be done is exactly to obtain the calling stream of takePicture () function Journey, upper figure are the processes of taking pictures that we find in an app, we can easily see, takePicture () function It was called before this by a User-Defined Functions captrue (), and captrue's () is finally by an onClick () Function call, which means that only when app listen to user click operation when, app just will start camera into Row is taken pictures.And for silence is taken pictures, it can not find an onClick () in the flow chart of takePicture () function Source.
So we are when carrying out static analysis to apk using decompiling instrument Soot, it is only necessary to go to search The call flow chart of takePicture ().In Soot, each function suffers from oneself unique signature, so When being analyzed using Soot, it is only necessary to by constantly tracking whether the call statement in Activity includes this letter Number signature is just recorded the signature for the function A for calling takePicture () and then right if containing this function A and takePicture () both carries out flow chart tracking, is recycled to last, it will be able to by the calling of takePicture () Flow chart is thoroughly all found, and finally only needs to judge the final clicking operation function such as onClick that whether there is user of process The handling function of ().
It is exactly with capture () function instead of takePicture () function it is worth noting that, after API21, When tracking, tracking capture () should be just selected, others do not have an impact.
For the detection for interface View size of taking pictures
If an only upper detection, can not also illustrate whether app is safe completely, because we are in reality Middle discovery has some developers that can introduce third-party packet during exploitation, and is possible to have bat in third-party packet According to relevant function, and developer and this partial function is not used, if only with the judgement of a upper trifle, it is easy to just straight It connects and this is judged as malice app, but actually this is not so, it would therefore be desirable to for the detection for interface View size of taking pictures.
This detects the detection of the size primarily directed to real time camera preview pane, and this problem essentially consists in how to go really Recognize the SurfaceView for real-time display camera preview, the effect of SurfaceView can be not only in Android after all For showing photo preview to user, and how to find the SufaceView to take pictures is the most important thing.
It is divided into following several steps to find SufaceView:
1) function is called setPreviewDisplay (SurfaceHolder in Android SurfaceHolder it) determines to select which SurfaceView as the live preview frame for being shown to user, is with Fig. 3 Example, it can be seen that the wherein calling sequence of SurfaceView carried out assignment by findViewById before this, and then passed through GetHolder () function assignment gives a SurfaceHolder variable, finally by setPreviewDisplay () function tune With by this, the preview pane that this SurfaceView will act as a Camera is shown to user.
2) it after we find this SurfaceView, also just has found locating for this SurfaceView Activity, after finding activity, the function setcontentView that is outlined above using us (R.layout.id) id at interface corresponding to activity just can be obtained, id here is just as in Fig. 3 String number in findViewById function, by the way that this string number is switched to 16 systems, we can be in public.xml In find the specific name of topology file.Also it can be found in the resource folder that apktool is unziped to using title, Namely we are used to carry out the interface of photo preview.
3) we can be right after once we have found the SurfaceView for showing photo preview to user Its size judge, the judgement of size is exactly to see layout_width set by developer and layout_ The size of the attribute of two SurfaceView of height.
If it find that size be really it is too small, here too small refers to that human eye can not be seen, above reflection to numerical value, Difference, but generally less than 100dp are had according to different mobile phone screens, just illustrates that developer is not intended to the preview graph photo User's viewing is sent back to, then user also just has no idea to judge whether the camera of oneself has successfully opened, it is meant that Developer has reached the intention for opening camera quietly by the eyes of user cheating.
By two above-mentioned steps, we have obtained the call flow chart and SurfaceView of takePicture () Size, we are it may determine that whether an app is legal app, because of the open source of android, corresponding to app Installation kit apk is readily available, and can all be provided in the market, therefore, we be easy to by the above method come pair Apk is analyzed to judge whether an app is legal app.
It is worth noting that, because that we to be checked is takePicture () and setPreviewDisplay () Function, the two functions be all system provide api function (on API > 21, some app can with capture () function replace TakePicture () function, but our analytical plan is not influenced), so we are also after being obscured apk It is the calling path that can find the two functions, is all that our result will not be had an impact.So our side Case has very big effect in fact.

Claims (4)

  1. The detection method 1. a kind of silence based on android system is taken pictures, it is characterised in that: including for take pictures behavior detection and For the detection for interface View size of taking pictures;
    The process of taking pictures found in app, and function of taking pictures is searched in process of taking pictures, it finds after taking pictures function, letter of taking pictures Number and the function of function of taking pictures is called to record, and then to calling take pictures function function and take pictures function both into The tracking of row flow chart is recycled to last, it will be able to thoroughly all find the call flow chart for function of taking pictures, finally only need to judge The handling function of the final click with the presence or absence of user of process;
    If there is no clicking operation function, continue the detection for interface View size of taking pictures: finding camera preview frame SurfaceView, and judge the size of two attributes of SurfaceView, determine if two attributes of SurfaceView are less than The threshold value of justice, then judge that the behavior of taking pictures of current app is taken pictures for silence, so that it is further known that current app is malice.
  2. The detection method 2. silence based on android system as described in claim 1 is taken pictures, it is characterised in that: described in app The method of the process of taking pictures found are as follows: carry out static analysis using apk of the Soot to app, track in the Activity of apk, be It is no, if containing this function, just the take pictures signature of function A of function of calling to be recorded comprising the signature of function of taking pictures, And then both flow chart tracking is carried out to function A and function of taking pictures, it is recycled to last, it will be able to by the tune for function of taking pictures It is thoroughly all found with flow chart, finally only needs to judge the handling function of the final click with the presence or absence of user of process.
  3. The detection method 3. silence based on android system as claimed in claim 1 or 2 is taken pictures, it is characterised in that: described to take pictures Function is the api function takePicture () that Android system provides;On API > 21, some app can use capture () function Replace takePicture (), in such cases, the function of taking pictures is capture ().
  4. The detection method 4. silence based on android system as described in claim 1 is taken pictures, it is characterised in that: for boundary of taking pictures The detection of face View size includes the following steps:
    1) SurfaceView pairs of live preview frame is obtained by instead tracking the take pictures setPreviewDisplay () of process of app As;
    It 2) is next exactly the size for finding this SurfaView after finding this SurfaceView object, light is to look for It has no idea to know size to object, needs to find the corresponding layout description section of SurfaceView object;It finds Activity locating for SurfaceView object utilizes the function setcontentView of layout resource file (R.layout.id) id that just can obtain interface corresponding to activity can be looked for by id in public.xml To the specific name of topology file, because public.xml file is exactly corresponding for recording resource id and resource file name File;The corresponding topology file of activity can be also found in the resource folder that apktool is unziped to using title , and the description of the layout of SurfaceView preview pane object is just stored in the corresponding topology file of this activity;
    3) after having found the SurfaceView for showing photo preview to user, judge layout_ set by developer The size of the attribute of two SurfaceView of width and layout_height.
CN201811504103.6A 2018-12-10 2018-12-10 silent photographing detection method based on android system Active CN109413414B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811504103.6A CN109413414B (en) 2018-12-10 2018-12-10 silent photographing detection method based on android system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811504103.6A CN109413414B (en) 2018-12-10 2018-12-10 silent photographing detection method based on android system

Publications (2)

Publication Number Publication Date
CN109413414A true CN109413414A (en) 2019-03-01
CN109413414B CN109413414B (en) 2020-01-31

Family

ID=65458156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811504103.6A Active CN109413414B (en) 2018-12-10 2018-12-10 silent photographing detection method based on android system

Country Status (1)

Country Link
CN (1) CN109413414B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113282909A (en) * 2021-05-11 2021-08-20 南京大学 Equipment fingerprint information acquisition item identification method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120034276A (en) * 2010-10-01 2012-04-12 김수복 Mobile communication apparatus and control method thereof, server for providing recovery service of the missing mobile apparatus
JP2013128165A (en) * 2011-12-16 2013-06-27 Nikon Corp Imaging apparatus
CN104966031A (en) * 2015-07-01 2015-10-07 复旦大学 Method for identifying permission-irrelevant private data in Android application program
CN108491722A (en) * 2018-03-30 2018-09-04 广州汇智通信技术有限公司 A kind of malware detection method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120034276A (en) * 2010-10-01 2012-04-12 김수복 Mobile communication apparatus and control method thereof, server for providing recovery service of the missing mobile apparatus
JP2013128165A (en) * 2011-12-16 2013-06-27 Nikon Corp Imaging apparatus
CN104966031A (en) * 2015-07-01 2015-10-07 复旦大学 Method for identifying permission-irrelevant private data in Android application program
CN108491722A (en) * 2018-03-30 2018-09-04 广州汇智通信技术有限公司 A kind of malware detection method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113282909A (en) * 2021-05-11 2021-08-20 南京大学 Equipment fingerprint information acquisition item identification method
CN113282909B (en) * 2021-05-11 2024-04-09 南京大学 Equipment fingerprint information acquisition item identification method

Also Published As

Publication number Publication date
CN109413414B (en) 2020-01-31

Similar Documents

Publication Publication Date Title
Roesner et al. World-driven access control for continuous sensing
Lin et al. Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing
RU2018129947A (en) COMPUTER SECURITY SYSTEM BASED ON ARTIFICIAL INTELLIGENCE
Saltaformaggio et al. Vcr: App-agnostic recovery of photographic evidence from android device memory images
EP2211286B1 (en) Method for securing an interface between a user and an application, corresponding system, terminal and computer program
CN107729752A (en) One kind extorts software defense method and system
CN103136472A (en) Method and mobile device of stopping application program to steal privacy
CN106200891A (en) The display method of user interface, Apparatus and system
CN109388538A (en) A kind of file operation behavior monitoring method and device based on kernel
Aafer et al. Android {SmartTVs} vulnerability discovery via {log-guided} fuzzing
CN106961558A (en) One kind is taken pictures treating method and apparatus
Reddy Practical cyber forensics
Tariq et al. Am I a real or fake celebrity? Evaluating face recognition and verification APIs under deepfake impersonation attack
Bhatia et al. Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images.
ES2967061T3 (en) System and method to detect a malicious file through image analysis prior to file execution
CN109413414A (en) A kind of silence based on android system is taken pictures detection method
CN106874718A (en) privacy processing method, device and terminal
Abi Din et al. Boxer: Preventing fraud by scanning credit cards
Cai et al. Resource race attacks on android
CN106203148B (en) Unauthorized data access blocking method and computing device with unauthorized data access blocking function
CN109600361A (en) Identifying code anti-attack method and device based on hash algorithm
CN114513703A (en) Block chain-based trusted reward service processing method, device and equipment
CN113364766A (en) APT attack detection method and device
Kayabaş et al. Cyber wars and cyber threats against mobile devices: Analysis of mobile devices
Ma Android application install-time permission validation and run-time malicious pattern detection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant