CN110096433B - Method for acquiring encrypted data on iOS platform - Google Patents
Method for acquiring encrypted data on iOS platform Download PDFInfo
- Publication number
- CN110096433B CN110096433B CN201910231814.9A CN201910231814A CN110096433B CN 110096433 B CN110096433 B CN 110096433B CN 201910231814 A CN201910231814 A CN 201910231814A CN 110096433 B CN110096433 B CN 110096433B
- Authority
- CN
- China
- Prior art keywords
- encryption
- function
- ios
- encrypted data
- hook
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
- G06F11/3644—Software debugging by instrumenting at runtime
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention belongs to the technical field of mobile security in information security, and relates to a method for acquiring encrypted data on an iOS platform, wherein a DBI (database based interface) technology is adopted in the method for constructing an encryption feature library which is continuously expanded according to a Crypto library and a third party library which are carried by the iOS; when the iOS operates, the encrypted data and the key feature vectors are extracted from the iOS application, and the encrypted data on the iOS platform is finally obtained. The method has the advantages of more stable technology, higher efficiency and no influence of software reinforcement and anti-debugging; compared with reinforcement and confusion of static analysis, the dynamic binary pile inserting tool breaks away from static behavior characteristics, does not depend on the static analysis any more, and has more universality; compared with the anti-debugging behavior of confusion and dynamic debugging, the internal part of the program does not embody the relevant characteristics of debugging, so the internal part of the program is less easy to detect.
Description
Technical Field
The invention belongs to the technical field of mobile security in information security, relates to a technology for acquiring data in dynamic execution of iOS application, and particularly relates to a method for acquiring encrypted data on an iOS platform.
Background
A great deal of research is done in the field of security analysis of software encryption algorithms domestically and abroad, some feasible security analysis methods including static and dynamic security are proposed, and corresponding software security analysis tools are constructed. At present, the method for analyzing encrypted data on the iOS platform mainly comprises: static analysis, dynamic debugging, etc., which are briefly described below by way of example.
Static analysis of cryptographic features
The static analysis firstly needs to reversely analyze the function call flow, and analyzes the corresponding module and the import-export table aiming at the encryption algorithm so as to track the corresponding symbol function. By identifying the import header files related to encryption, analyzing encryption functions and algorithms in the import header files and analyzing assembly instructions, the key characteristics of original data sources, encrypted keys, salt values and the like are finally obtained.
In addition, in instruction level analysis, taint tracing and symbol execution are used, plaintext data to be decrypted is used as symbols, taint analysis is completed in the symbol execution process, corresponding input and output variables are compared when the taint analysis is finished, and the operation transformation process of the data is obtained.
Dynamic debugging of cryptographic functions
Aiming at encrypted original data, an encryption function is required to be debugged, and the lldb + debug server is utilized to search the encryption function of a key import library for debugging on the basis of static analysis. Before and after data encrypted in the dynamic running process, an encryption key, a hash salt value and the like are obtained by setting breakpoints on corresponding encryption functions and printing a register and a variable value.
Since the application data is generally securely transmitted through the associated encryption algorithm, the first step of extracting the original encrypted data is to analyze and identify the encryption algorithm used in the program. At present, many technical researches on analyzing program encryption algorithms are available, and the feature constants of the encryption algorithms can be extracted through static analysis, and according to the static analysis method described above, the mainstream software tools include: FindCrypt, PEiD, Krypto Analyzer plug, etc. The software is briefly described below:
FindCrypt
the FindCrypt/FindCrypt2 realizes static analysis through Python of IDA plug-in, specifically, through a static scanning program, and uses a fixed constant of an encryption algorithm to match the encryption algorithm, the recognizable encryption algorithm and the fixed constant are shown in Table 1,
TABLE 1 FindCrypt/FindCrypt2 recognizable encryption algorithm and fixed constant list
Krypto Analyzer
The Krypto Analyzer plug-in searches for known encryption algorithms, functions and libraries within a specified module and lists the detected encryption algorithms, constants, functions and libraries. Displaying the offset of the signature for each item; if the file being analyzed is a PE executable, the signed virtual address is also displayed.
Correspondingly, the dynamic analysis method also has a corresponding dynamic debugging tool, which is briefly described as follows:
LLDB
for the iOS program, LL DB is the default debugger for Xcode on Mac OS system, supporting debug Objective-C and C/C + + on iOS device and simulator after finding the relevant encryption function by static analysis, breakpoint can be set for relevant address by LL DB debugger, and the iOS program can be debugged to obtain encrypted data and feature information.
At present, no matter static analysis or dynamic debugging is aimed at, certain problems exist more or less, although corresponding tools are continuously updated and do much work, in general, functional limitations which can be realized by each algorithm are larger, and the following are listed:
(1) relying solely on in-program analysis techniques
Both static analysis and dynamic debugging are just based on the internal part of program analysis, and cannot extract external function features related to encryption, and for the encryption process of data, fixed encryption features cannot be unified, and the analysis method itself has disadvantages because the method depends on the reverse analysis of the program and cannot be separated from related static and dynamic analysis techniques.
(2) Deficiency of static analysis
Certain cryptographic algorithms, such as RSA, may be detected based on their implementation in a particular cryptographic library. However, such detection depends on the compiler used and its optimization settings, etc., and is therefore not applicable in all cases. In addition, some constant values detected in dword data are occasionally prone to false positives.
For some encryption algorithms that share a common initialization code, there is a possibility that multiple encryption algorithms may be "confused" if they exist in the file. The static analysis plug-in attempts to filter the results in some way (e.g., guessing the actual encryption algorithm using "shared" code), but of course may not be 100% accurate.
Static analysis relies heavily on reading assembly codes, so that many open-source or paid tools can be used for implementing confusion or shelling, the aim is to resist the static analysis, for example, a reinforcing platform reinforces a program, LL VM performs confusion on control data flow, fuzzes program symbols, original encryption function names and the like, and the disassembly codes are difficult to read.
(3) Deficiencies of dynamic debugging
The dynamic debugging is a very complex and tedious operation, if the anti-debugging also needs manual analysis, the program is subjected to Patch, the debugging operation also needs to be configured with rather tedious operation steps, which is laborious and time-consuming.
Disclosure of Invention
With the great popularization of iOS users, a great number of mobile applications, such as financial applications, news applications, and car networking applications, are increasingly used, and these applications interact with a server through a network protocol to provide services for iOS users. The iOS data encryption analysis technology has very important application value in the security fields of iOS mobile application service logic vulnerability mining, mobile application network communication security testing, application program session replay, server-side Fuzz, mobile application network crawler and the like.
The encrypted data is extracted on the iOS platform, and the method has important significance for mobile security; the protection of the mobile terminal application to the service protocol data comprises the following steps: protocol encryption of a network layer, key field encryption, confusion of a code layer, dynamic generation of character strings and the like. Most of the traditional methods for performing reverse analysis on protocols rely on manual debugging analysis, but the analysis methods of manual debugging are time-consuming and labor-consuming, and most of software adopts code protection technologies such as code confusion and dynamic character string generation to resist analysis, so that the difficulty of manual debugging analysis is greatly improved, data encryption analysis in the current industry is mainly biased to manual analysis, and related technologies are deficient; the reliance on manual analysis remains large. How to realize reverse analysis and extraction of encrypted data without depending on static analysis and complicated dynamic debugging steps is a problem which is urgent for realizing data decryption, improving reverse efficiency and accuracy and the like.
The invention mainly aims to provide a method for obtaining encrypted data based on a Dynamic Binary Instrumentation (DBI) technology, namely a method for obtaining the encrypted data on an iOS platform.
The Dynamic Binary Instrumentation (DBI) technique is a Dynamic Binary Instrumentation technique that inserts additional code and data in real time while a program is running without any permanent changes to the executable file. The tool may automatically extract the encrypted data and key feature vectors for the iOS application. The mobile terminal application mainly adopts the Crypto library of the iOS and uses a third party library to realize the encryption algorithm.
The specific technical scheme is as follows:
a method for obtaining encrypted data on an iOS platform comprises the following steps:
s1, since the iOS is a closed system, the official packages the own encryption system, and uses a uniform Crypto library, the code characteristics can be described as creating a key factory, selecting an encryption mode/filling mode, generating a key, and encrypting. Aiming at an iOS encryption method, extracting a key encryption function of an encryption algorithm in a Crypto library from an iOS encryption header file provided by an official party;
s2, according to the setting rule of each category of encryption algorithm in the Crypto library, setting a hook module (hook module) by using the script language corresponding to the dynamic binary instrumentation tool, compiling a hook script for the key encryption function, setting a function hook, printing parameters and returning values;
s3, taking the key encryption function as an encryption feature function to construct an encryption feature library;
s4, manually injecting hook scripts into the iOS application by using a dynamic binary instrumentation tool;
s5, operating the iOS application, and automatically triggering the hook module;
when the actual encrypted data of the iOS application matches the data acquired by the hook module, that is, when the actual encrypted data of the iOS application matches the data of the encrypted feature function (encrypted feature data for short) in the encrypted feature library, step S10 is performed;
when the actual encrypted data of the iOS application does not match the encrypted data acquired by the hook module, that is, when the actual encrypted data of the iOS application does not match the data of the encrypted feature function in the encrypted feature library, the encrypted data of the iOS application cannot be acquired, or the hook module cannot be triggered, performing step S6;
s6, extracting iOS application samples which cannot acquire encrypted data;
s7, carrying out program internal analysis on the extracted iOS application sample;
s8, extracting encryption functions which are not in the Crypto library, namely third-party library functions;
s9, manually adding an encryption function which is not in the Crypto library to the encryption feature library as an encryption feature function, simultaneously achieving the purpose of continuously enriching the encryption feature library, setting a hook module by using a scripting language corresponding to a dynamic binary instrumentation tool, compiling a hook script for the encryption function which is not in the Crypto library, setting a function hook, printing parameters and a return value; returning to step S4, continuing to execute the subsequent steps;
s10, obtaining original encryption data (namely extracting original data) of the iOS application through dump related parameters and return values, extracting encryption keys, salt values and the like, and further directly obtaining encryption plaintext and key information;
when the iOS application finishes the corresponding event or function, the encrypted data is obtained; otherwise, the process returns to step S5 to continue the subsequent steps.
On the basis of the technical scheme, the encryption algorithm comprises the following steps: symmetric encryption algorithm, hash algorithm, RSA encryption algorithm, and the like.
On the basis of the technical scheme, the key encryption function in the encryption algorithm comprises: the CCCrypt function of the symmetric encryption algorithm, the CC _ MD5 function, the CC _ SHA256 function and the CCHmac function of the hash algorithm, the SecKeyEncrypt function of the RSA encryption algorithm and the like.
On the basis of the technical scheme, when the hook script is compiled for the key encryption function, the API function provided by the dynamic binary instrumentation tool is adopted to process different types of parameters and return values.
On the basis of the technical scheme, the program internal analysis method comprises the following steps: static analysis methods and dynamic analysis methods.
The invention has the following beneficial technical effects:
(1) the technology is more stable
Dynamic Binary Instrumentation (DBI) technology can be used to access the memory of a process, overlay functions while an application is running, call functions from an imported class, find object instances on a heap, and use the object instances to do Hook, trace, and intercept functions, etc., if a debugger is used to do so, a series of problems such as anti-debugging are easily encountered, and attempts are made to prevent debuggers. However, by adopting the DBI technology, the method can be started quickly without knowing details in the DBI technology, and the purpose of acquiring the execution flow of the function is achieved under the condition that the operation of the whole software is not influenced. Compared with other technologies such as static instrumentation, the technology has more stable execution because the program is not modified.
(2) The efficiency is higher.
Login registration for iOS applications, and other important functions, such as: the method comprises the steps of network transmission of sensitive data and processing of encryption algorithm of the transmitted data, reverse analysis of a program is not needed, code flow and function calling relation are analyzed layer by layer, and related characteristic encryption functions are searched; the dynamic instrumentation automatic matching encryption method obtains the original encrypted data and the key encryption constant, and greatly improves the efficiency of reverse analysis.
(3) And the method is not influenced by software reinforcement and anti-debugging.
Compared with the reinforcement and confusion of the static analysis, the dynamic binary instrumentation tool breaks away from the static behavior characteristics and does not depend on the static analysis, namely, the reverse direction of the program, so that the method has more universality. Compared with the anti-debugging behavior of confusion and dynamic debugging, the internal part of the program does not embody the relevant characteristics of debugging, so the internal part of the program is less easy to detect.
Drawings
The invention has the following drawings:
fig. 1 is a schematic flow chart of a method for acquiring encrypted data on an iOS platform according to the present invention.
Fig. 2 is a schematic view of a scene flow for applying the method of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following drawings and examples.
In order to extract encrypted data of an iOS application on an iOS platform, the present invention provides a method for acquiring encrypted data on the iOS platform, which is specifically described as follows:
as shown in fig. 1, the process steps of the method of the present invention are as follows:
aiming at a section of encrypted data generated by iOS application, firstly processing a Crypto library carried by the iOS, and according to setting rules of various types of encryption algorithms in the Crypto library, setting function hooks aiming at a CC _ MD5 function, a CC _ SHA256 function, a CCHmac function in a Hash algorithm, a CCCrypt function in a symmetric encryption algorithm, a SecKeyEncrypt function in an asymmetric encryption algorithm RSA and the like.
Reading a rule file, namely setting rules of encryption algorithms of various categories in a Crypto library, and writing related hook modules, printing parameters and return values.
And according to the encryption rule and the function hook, a dynamic binary instrumentation tool is utilized to inject a hook script into the iOS application, and a hook module is triggered to obtain a return result.
If the fact that the iOS application cannot trigger the rule of the encryption feature library is found (namely the actual encryption data of the iOS application is not matched with the data of the encryption feature function in the encryption feature library, the encryption data of the iOS application cannot be obtained, or the hook module cannot be triggered), manually analyzing an iOS application sample which cannot be triggered, namely performing program internal analysis, adding a third-party library function which is not included in the encryption feature library, and repeating the steps of injecting the hook script into the iOS application and the subsequent steps; otherwise, obtaining data before and after encryption according to the parameters and the return values obtained by the hook, and extracting important information such as encryption keys, salt values and the like.
The application of the method of the invention is exemplified as follows:
enterprises and individuals who develop software can use the method of the application to detect the developed iOS application or perform vulnerability audit on leaked data, find out existing risks and improve the existing risks. The developer may also detect defects in the encryption algorithm.
As shown in fig. 2, which is a schematic step of a scenario flow for applying the method of the present invention, for an iOS application, a DBI tool is first run, and a Hook result is obtained by combining the method of the present invention; performing vulnerability/defect audit on the iOS application according to the Hook result, then performing risk positioning, and modifying the vulnerability/defect of the iOS application; and returning to the initial step again, carrying out the next round of detection on the iOS application, and repeating the process steps until the risk of the iOS application is reduced to the minimum.
The key points of the invention to be protected are as follows:
① encryption feature library extensibility
Besides the iOS self-packaged encryption library, the encryption rules adopted by the third party can be continuously extracted from the application sample without obtaining the encrypted data and added to the encryption feature library to expand the encryption feature library.
② obtaining encrypted data automatically
Based on setting hooks for the encryption function rule base, a complex reverse flow is not needed, and when the iOS application triggers the function hook characteristics in the hook module, encrypted original data and important characteristics of an encryption algorithm are automatically output.
③ implementation of function hook features in hook module for encrypted feature library using DBI technology
Common program external characteristics are extracted aiming at a general encryption function used by the iOS application, and a hook module is compiled and an injection script is injected by utilizing a Dynamic Binary Instrumentation (DBI) technology to obtain encrypted data.
The foregoing is considered to be merely preferred embodiments of this invention, rather than all embodiments thereof. All equivalent structural or process changes made by using the contents of the specification and the drawings of the invention, or directly or indirectly applied to other related technical fields, are included in the scope of the patent protection of the invention.
Those not described in detail in this specification are within the knowledge of those skilled in the art.
Claims (4)
1. A method for obtaining encrypted data on an iOS platform is characterized by comprising the following steps:
s1, extracting a key encryption function of an encryption algorithm in a Crypto library from the iOS encryption header file provided by an official party;
the key cryptographic function includes: CCCrypt function of symmetric encryption algorithm, CC _ MD5 function, CC _ SHA256 function and CCHmac function of hash algorithm, and SecKeyEncrypt function of RSA encryption algorithm;
s2, according to the setting rule of each category of encryption algorithm in the Crypto library, setting a hook module by using a script language corresponding to a dynamic binary instrumentation tool, compiling a hook script for the key encryption function, setting a function hook, printing parameters and returning values;
s3, taking the key encryption function as an encryption feature function to construct an encryption feature library;
s4, manually injecting hook scripts into the iOS application by using a dynamic binary instrumentation tool;
s5, operating the iOS application, and automatically triggering the hook module;
when the actual encrypted data of the iOS application matches the data acquired by the hook module, performing step S10;
when the actual encrypted data of the iOS application does not match the encrypted data acquired by the hook module, performing step S6;
s6, extracting iOS application samples which cannot acquire encrypted data;
s7, carrying out program internal analysis on the extracted iOS application sample;
s8, extracting encryption functions which are not in the Crypto library;
s9, manually adding an encryption function which is not in the Crypto library to the encryption feature library as an encryption feature function, setting a hook module by using a scripting language corresponding to a dynamic binary instrumentation tool, compiling a hook script for the encryption function which is not in the Crypto library, setting a function hook, printing parameters and a return value; returning to step S4, continuing to execute the subsequent steps;
s10, obtaining original encryption data of the iOS application through dump related parameters and return values, extracting encryption keys and salt values, and further directly obtaining encryption plaintext and key information;
when the iOS application finishes the corresponding event or function, the encrypted data is obtained; otherwise, the process returns to step S5 to continue the subsequent steps.
2. The method of obtaining encrypted data on an iOS platform of claim 1, wherein: the encryption algorithm comprises: symmetric encryption algorithms, hash algorithms and RSA encryption algorithms.
3. The method of obtaining encrypted data on an iOS platform of claim 1, wherein: and when the hook script is compiled for the key encryption function, processing different types of parameters and return values by adopting an API function provided by a dynamic binary instrumentation tool.
4. The method of obtaining encrypted data on an iOS platform of claim 1, wherein: the program internal analysis method comprises the following steps: static analysis methods and dynamic analysis methods.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910231814.9A CN110096433B (en) | 2019-03-26 | 2019-03-26 | Method for acquiring encrypted data on iOS platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910231814.9A CN110096433B (en) | 2019-03-26 | 2019-03-26 | Method for acquiring encrypted data on iOS platform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110096433A CN110096433A (en) | 2019-08-06 |
| CN110096433B true CN110096433B (en) | 2020-07-14 |
Family
ID=67443209
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910231814.9A Active CN110096433B (en) | 2019-03-26 | 2019-03-26 | Method for acquiring encrypted data on iOS platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110096433B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112580057A (en) * | 2020-12-17 | 2021-03-30 | 光通天下网络科技股份有限公司 | Attack vulnerability detection method, device, equipment and medium for ZIP encrypted compressed packet |
| CN113392416B (en) * | 2021-06-28 | 2024-03-22 | 北京恒安嘉新安全技术有限公司 | Method, device, equipment and storage medium for acquiring application program encryption and decryption data |
| CN114390012A (en) * | 2021-12-15 | 2022-04-22 | 中国电子科技集团公司第三十研究所 | West trust application data evidence obtaining method based on reverse analysis |
| CN115550058B (en) * | 2022-11-21 | 2023-03-10 | 卓望数码技术(深圳)有限公司 | Shared file transparent encryption method and system |
| CN116483734B (en) * | 2023-06-16 | 2024-03-19 | 荣耀终端有限公司 | Pile inserting method and system based on compiler and related electronic equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1777854A (en) * | 2003-03-13 | 2006-05-24 | 科沃德科技公司 | A computer system and an apparatus for use in a computer system |
| CN107040553A (en) * | 2017-06-16 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Leak analysis method, device, terminal and storage medium |
| CN109446053A (en) * | 2018-09-03 | 2019-03-08 | 平安普惠企业管理有限公司 | Test method, computer readable storage medium and the terminal of application program |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103345445A (en) * | 2013-07-02 | 2013-10-09 | 华中科技大学 | Security chip design method based on control flow detection and resistant to error injection attack |
| US20160267279A1 (en) * | 2015-03-02 | 2016-09-15 | Cirrus Lender Services, Inc. | Web application perpetually encrypted obscured filesystem |
| US10713146B2 (en) * | 2015-06-26 | 2020-07-14 | AVAST Software s.r.o. | Dynamic binary translation and instrumentation with postponed attachment to running native threads |
-
2019
- 2019-03-26 CN CN201910231814.9A patent/CN110096433B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1777854A (en) * | 2003-03-13 | 2006-05-24 | 科沃德科技公司 | A computer system and an apparatus for use in a computer system |
| CN107040553A (en) * | 2017-06-16 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Leak analysis method, device, terminal and storage medium |
| CN109446053A (en) * | 2018-09-03 | 2019-03-08 | 平安普惠企业管理有限公司 | Test method, computer readable storage medium and the terminal of application program |
Non-Patent Citations (2)
| Title |
|---|
| iOS应用隐私泄露检测技术的研究与实现;於剑波;《中国优秀硕士学位论文全文数据库 信息科技辑》;20181115(第11期);第I138-55页 * |
| Research and achievement of QR code encryption based on cellular automata;Yu Xiaoyang等;《 Proceedings of 2013 2nd International Conference on Measurement,Information and Control》;20140306;第314-318页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110096433A (en) | 2019-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110096433B (en) | Method for acquiring encrypted data on iOS platform | |
| Xu et al. | Spain: security patch analysis for binaries towards understanding the pain and pills | |
| US9715593B2 (en) | Software vulnerabilities detection system and methods | |
| US10114946B2 (en) | Method and device for detecting malicious code in an intelligent terminal | |
| Carmony et al. | Extract Me If You Can: Abusing PDF Parsers in Malware Detectors. | |
| Yu et al. | Deescvhunter: A deep learning-based framework for smart contract vulnerability detection | |
| CN104834859B (en) | The dynamic testing method of malicious act in a kind of Android applications | |
| Drewry et al. | Flayer: Exposing Application Internals. | |
| CN108123956B (en) | Password misuse vulnerability detection method and system based on Petri network | |
| CN108628743B (en) | Application program testing method, device, equipment and storage medium | |
| Tang et al. | A novel hybrid method to analyze security vulnerabilities in android applications | |
| JPWO2020075335A1 (en) | Analysis function addition device, analysis function addition method and analysis function addition program | |
| CN112231702B (en) | Application protection method, device, equipment and medium | |
| TW201626267A (en) | Static detection system and method of application, and computer program product | |
| CN111859380A (en) | Zero false alarm detection method for Android App vulnerability | |
| Li et al. | Large-scale third-party library detection in android markets | |
| CN109902487B (en) | Android application malicious property detection method based on application behaviors | |
| CN106874758A (en) | A kind of method and apparatus for recognizing document code | |
| CN115827610A (en) | Method and device for detecting effective load | |
| McMahon Stone et al. | The closer you look, the more you learn: A grey-box approach to protocol state machine learning | |
| Tang et al. | Ssldetecter: detecting SSL security vulnerabilities of android applications based on a novel automatic traversal method | |
| CN109241706B (en) | Software plagiarism detection method based on static birthmarks | |
| Garcia | Firmware modification analysis in programmable logic controllers | |
| Niu et al. | Clone analysis and detection in android applications | |
| CN117009972A (en) | Vulnerability detection method, vulnerability detection device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |