Android删除chartty证书,C/C++知识点之android应用安全分析

本文主要向大家介绍了C/C++知识点之android应用安全分析，通过具体的内容向大家展示，希望对大家学习C/C++知识点有所帮助。

应用名：OKEx(OKEx-android.apk)

包名：com.okinc.okex

MD5 ：1ffbd328d13e91b661592cdf58516bd2

版本：1.7.8

加固信息 : 未加固

详细信息：

所有者: CN=OK inc., OU=OK inc., O=OK inc., L=Beijing, ST=Beijing, C=CN发布者: CN=OK inc., OU=OK inc., O=OK inc., L=Beijing, ST=Beijing, C=CN序列号: 3bd2d760有效期开始日期: Tue Dec 20 15:39:29 CST 2016, 截止日期: Thu Nov 26 15:39:29 CST 2116证书指纹:MD5: C6:96:EB:AA:58:BA:B0:A1:EB:E8:B3:D2:65:D0:89:28SHA1: 46:17:0C:99:DC:92:90:BA:D5:F3:CD:F6:C1:30:D8:42:5D:93:6D:77SHA256: 77:B9:67:49:D8:F5:A4:F0:79:AB:17:36:18:4A:1B:D2:87:0D:02:CA:14:CD:1C:A9:FF:BD:A8:1A:CB:65:10:E9签名算法名称: SHA256withRSA版本: 3

扩展:

#1: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 47 E8 D6 8A 5C E3 77 F8 1F 28 49 7D C6 BF 9F 36 G....w..(I....60010: DE 2D 41 1D .-A.]]

keytool -printcert -file /Users/liuhailong/Desktop/OKEx-android/META-INF/CERT.RSA

receiver

com.taobao.accs.ServiceReceiver

com.taobao.accs.EventReceiver

com.taobao.agoo.AgooCommondReceiver

com.umeng.message.NotificationProxyBroadcastReceiver

com.just.library.RealDownLoader$NotificationBroadcastReceiver

com.alibaba.sdk.android.feedback.impl.NetworkChangeReceiver

provider

cn.udesk.provider.UdeskFileProvider

com.umeng.message.provider.MessageProvider

com.tencent.bugly.beta.utils.BuglyFileProvider

com.just.library.AgentWebFileProvider

service

com.umeng.message.UmengMessageIntentReceiverService

com.taobao.accs.ChannelService

com.umeng.message.UmengIntentService

com.umeng.message.XiaomiIntentService

com.taobao.accs.data.MsgDistributeService

org.android.agoo.accs.AgooService

com.tencent.tinker.lib.service.TinkerPatchService$InnerService

com.taobao.accs.ChannelService$KernelService

com.taobao.accs.internal.AccsJobService

com.tencent.bugly.beta.tinker.TinkerResultService

com.alibaba.mtl.appmonitor.AppMonitorService

com.tencent.tinker.lib.service.DefaultTinkerResultService

com.umeng.message.UmengMessageCallbackHandlerService

com.tencent.tinker.lib.service.TinkerPatchService

com.umeng.message.UmengDownloadResourceService

activity

com.lanmang.sharelib.wxapi.WXEntryActivity

com.mob.tools.MobUIShell

com.okinc.okex.ui.WelcomeActivity

com.okinc.okex.ui.SchemeActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_09

com.okinc.okex.ui.mine.futures.FuturesBillEntrustActivity

com.okinc.okex.ui.futures.menu.FuturesTransactionsActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_08

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01

com.okinc.okex.ui.mine.rate.ExchangeRateActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_03

com.okinc.okex.ui.mine.login.forgetpwd.ForgetPwdActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_05

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_04

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_07

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_06

com.okinc.okex.ui.futures.menu.FuturesSettingsActivity

com.okinc.okex.ui.mine.security.TradePwdActivity

com.okinc.okex.ui.otc.b2c.customer.order.proof.OtcOrderProofUploadActivity

com.okinc.okex.ui.mine.asset.ResultActivity

com.okinc.okex.ui.mine.asset.AssetsActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00_T

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00

com.okinc.okex.ui.otc.b2c.customer.order.detail.OtcOrderDetailActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00_T

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02_T

com.okinc.okex.ui.futures.menu.FuturesOrderHistoryActivity

pub.devrel.easypermissions.AppSettingsDialogHolderActivity

com.okinc.okex.ui.mine.about.JoinGroupActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_09

com.okinc.okex.ui.kyc.record.RecordActivity

com.okinc.okex.ui.mine.spot.SpotBillEntrustActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_03

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_06

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_07

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_04

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_05

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_08

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_09

com.okinc.okex.ui.mine.asset.SpotAssetsActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_05

com.okinc.okex.ui.futures.menu.liquidation.LiquidationActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_07

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01

com.okinc.okex.ui.mine.rate.RateActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_03

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_04

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02_T

com.okinc.okex.ui.otc.b2c.customer.order.OtcOrderActivity

com.okinc.okex.ui.mine.SpotHistoryActivity

com.okinc.okex.ui.mine.address.AddressManageActivity

cn.udesk.activity.UdeskHelperActivity

com.okinc.okex.ui.home.base.HomeActionActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_05

com.okinc.okex.ui.mine.AccountSelectActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_07

com.okinc.okex.ui.spot.orderhistory.OrderHistoryActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01

cn.udesk.activity.UdeskOptionsAgentGroupActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_03

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02

com.okinc.okex.ui.mine.address.AddressAddActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_08

com.okinc.okex.ui.kyc.senior.SeniorActivity

com.okinc.okex.ui.market.remind.PriceRemindSetActivity

com.okinc.okex.ui.market.kline.ui.ChartActivity

com.okinc.okex.ui.mine.spot.MarginLoanActivity

com.okinc.okex.ui.otc.c2c.trade.publish.C2CTradePlaceOrderActivity

com.okinc.okex.ui.otc.b2c.customer.order.proof.OtcOrderProofActivity

com.okinc.okex.ui.kyc.normal.NormalCertificationActivity

com.okinc.okex.ui.futures.menu.FuturesSelectActivity

com.okinc.okex.ui.otc.b2c.OtcActivity

com.okinc.okex.ui.mine.security.BindPhoneActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01_T

com.okinc.okex.ui.mine.asset.AssetsTransferActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01_T

com.okinc.okex.ui.mine.delivery.DeliveryHistoryActivity

com.okinc.okex.ui.mine.asset.TransferActivity

cn.udesk.activity.UdeskFormActivity

com.okinc.okex.ui.mine.asset.RechargeHisActivity

com.okinc.okex.ui.mine.setting.SystemSettingActivity

com.okinc.okex.ui.otc.OtcLegalListActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00_T

cn.udesk.activity.UdeskSurvyDialogActivity

com.okinc.okex.ui.mine.asset.OtcAssetsActivity

cn.udesk.activity.UdeskHelperArticleActivity

com.okinc.okex.ui.otc.c2c.C2CActivity

com.okinc.okex.ui.otc.b2c.customer.account.PaySettingsActivity

com.okinc.okex.ui.mine.asset.LeverageAssetsActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_09

com.okinc.okex.ui.kyc.record.upload.UploadListActivity

com.okinc.okex.ui.otc.c2c.trade.publish.C2CTradePublishActivity

cn.udesk.activity.UdeskChatActivity

com.okinc.okex.ui.otc.b2c.customer.account.PaymentSettingsActivity

com.okinc.okex.ui.mine.gesture.GestureSetActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02_T

com.okinc.okex.ui.futures.select.CoinSelectActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01_T

com.okinc.okex.ui.otc.b2c.vendor.data.setting.OtcCollectionSettingActivity

com.okinc.okex.ui.kyc.KycActivity

com.okinc.okex.ui.otc.c2c.trade.receivingtime.OrderReceivingTimeActivity

com.okinc.okex.ui.mine.rate.ExchangeRateHisActivity

com.okinc.okex.ui.mine.feerate.FeeRateActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02

com.okinc.okex.ui.mine.asset.RechargeActivity

com.okinc.okex.ui.otc.b2c.customer.account.AddBankCardActivity

cn.udesk.activity.UdeskZoomImageActivty

com.okinc.okex.ui.mine.login.RegisterActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02_T

com.okinc.okex.ui.futures.menu.FuturesOverviewActivity

com.okinc.okex.ui.otc.c2c.order.detail.C2COrderDetailActivity

com.tencent.bugly.beta.ui.BetaActivity

com.okinc.okex.ui.spot.TestActivity

com.okinc.okex.ui.DebugActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_04

com.okinc.okex.ui.mine.MineActivity

com.okinc.okex.ui.MainActivity

com.okinc.okex.ui.mine.security.SecurityActivity

com.okinc.okex.ui.otc.b2c.customer.account.OtcTransferActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_06

com.okinc.okex.ui.mine.SpotOrderFullActivity

com.alibaba.sdk.android.feedback.windvane.CustomHybirdActivity

com.just.library.ActionActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00

com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02

com.okinc.okex.ui.otc.c2c.order.C2COrderProofUploadActivity

com.okinc.okex.ui.futures.menu.FuturesSelectAccountModeActivity

com.okinc.okex.ui.WebActivity

com.okinc.okex.ui.mine.asset.WithdrawHisActivity

com.okinc.okex.ui.search.SearchActivity

com.okinc.okex.ui.mine.asset.LeverageHistoryActivity

cn.udesk.activity.UdeskWebViewUrlAcivity

com.okinc.okex.ui.market.remind.PriceRemindV2Activity

com.okinc.okex.ui.market.remind.PriceRemindActivity

com.okinc.okex.ui.mine.gesture.GestureVerifyActivity

com.okinc.okex.ui.mine.login.LoginActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01_T

com.okinc.okex.ui.futures.menu.FuturesLeverRateSelectActivity

com.okinc.okex.ui.mine.security.BindEmailActivity

com.okinc.okex.ui.mine.asset.WithdrawActivity

com.okinc.okex.ui.mine.about.AboutActivity

com.okinc.okex.ui.spot.margin.OpenMarginActivity

cn.udesk.activity.UdeskRobotActivity

com.alibaba.sdk.android.feedback.impl.ErrorPageActivity

com.okinc.okex.ui.otc.b2c.vendor.data.setting.OtcFundsSettingActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_06

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_08

com.okinc.okex.ui.mine.statement.AccountStatementActivity

com.okinc.okex.ui.futures.menu.calculator.FuturesCalculatorActivity

com.okinc.okex.ui.otc.b2c.vendor.data.setting.OtcDealSettingActivity

com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00_T

所有权限

程序中存在以下敏感权限

android.permission.READ_PHONE_STATE 允许访问电话状态、设备信息android.permission.READ_LOGS 允许读取敏感日志数据android.permission.CALL_PHONE 允许直接拨打电话android.permission.CAMERA 允许访问摄像头拍照android.permission.RECORD_AUDIO 允许录音android.permission.GET_TASKS 允许获取应用列表android.permission.RECEIVE_BOOT_COMPLETED 允许程序开机自动运行android.permission.BLUETOOTH 允许使用蓝牙连接配对过的设备android.permission.ACCESS_FINE_LOCATION 允许访问精确位置信息android.permission.ACCESS_COARSE_LOCATION 允许访问大概位置信息android.permission.GET_ACCOUNTS 允许访问账户Gmail列表

存在的漏洞

Web组件远程代码执行漏洞详细内容：以下危险api可通过webview对象向页面javascript导出java本地接口，可能导致任意命令执行详细内容：以下危险api可通过webview对象向页面javascript导出java本地接口，可能导致任意命令执行 com/alibaba/sdk/android/feedback/xblink/webview/XBHybridWebView addJavascriptInterface(Object paramObject, String paramString)| super.addJavascriptInterface(paramObject, paramString);

com/just/library/AgentWebView void addJavascriptInterface(Object paramObject, String paramString)|super.addJavascriptInterface(paramObject, paramString);

修复建议：建议禁用危险接口addJavascriptInterface导出Java类及方法，并加强访问的url的域控制。https敏感数据劫持漏洞详细内容：以下危险api不正确使用https相关函数，可能引发通信加密失效，导致敏感数据泄漏anet/channel/util/b/b/a.java void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)

anet/channel/util/b/a boolean verify(String paramString, SSLSession paramSSLSession)

修复建议：建议对自定义的X509TrustManager实现对证书的严格校验；setHostnameVerifier接口请设置安全选项级别，如STRICT_HOSTNAME_VERIFIER系统组件本地拒绝服务漏洞检测详细内容：以下组件存在本地拒绝服务漏洞com.okinc.okex.ui.WelcomeActivity { 利用代码片段(poc):Intent intent=new Intent();intent.setComponent(new ComponentName("com.okinc.okex", "com.okinc.okex.ui.WelcomeActivity"));intent.putExtra("anykey",new AnySerializableClass());startActivity(intent); }

修复建议：注册的组件请严格校验输入参数，注意空值判定和类型转换判断，防止由于异常输入导致的应用崩溃

安全风险

webview启用访问文件数据描述：Webview中使用setAllowFileAccess(true)，App可通过webview访问私有目录下的文件数据。在Android中，mWebView.setAllowFileAccess(true)为默认设置。当setAllowFileAccess(true)时，在File域下，可执行任意的JavaScript代码，如果绕过同源策略能够对私有目录文件进行访问，导致用户隐私泄漏。位置：类com/okinc/okex/ui/WebActivity 的 m()方法

位置：类com/just/library/WebDefaultSettingsManager 的settings()方法

SSL通信服务端检测信任任意证书描述：自定义SSL x509 TrustManager，重写checkServerTrusted方法，方法内不做任何服务端的证书校验。×××可以使用中间人×××获取加密内容。位置：anet/channel/util/b/b/a的 checkServerTrusted()方法

动态注册广播描述：使用registerReceiver动态注册的广播在组件的生命周期里是默认导出的。导出的广播可以导致拒绝服务、数据泄漏或是越权调用。位置：类方法anet/channel/status/b a()

com/bumptech/glide/manager/e a()

Intent Scheme URLs×××描述：在AndroidManifast.xml设置Scheme协议之后，可以通过浏览器打开对应的Activity。×××者通过访问浏览器构造Intent语法唤起app相应组件，轻则引起拒绝服务，重则可能演变为提权漏洞。位置：com/just/library/DefaultWebClient handleIntentUrl()

隐式意图调用描述：封装Intent时采用隐式设置，只设定action，未限定具体的接收对象，导致Intent可被其他应用获取并读取其中数据。Intent隐式调用发送的意图可能被第三方劫持，可能导致内部隐私数据泄露。位置：cn/sharesdk/sina/weibo/a c()

com/umeng/message/common/UmengMessageDeviceConfig getServiceName

cn/sharesdk/sina/weibo/a onCreate()

unzip解压缩(ZipperDown) 描述：解压 zip文件，使用getName()获取压缩文件名后未对名称进行校验。×××者可构造恶意zip文件，被解压的文件将会进行目录跳转被解压到其他目录，覆盖相应文件导致任意代码执行。位置：com/tencent/tinker/lib/patch/DexDiffPatchInternal patchDexFile()

org/android/spdy/SoInstallMgrSdk unZipSelectedFiles()

com/alibaba/wireless/security/framework/b h()

so 文件

libsgmain.so (实则为一个 apk)用 zip解压

未加壳的so 文件有：libBugly.so动态链接库中包含执行命令函数 execl

libcocklogic-1.1.3.so popen

libgifimage.solibimagepipeline.solibtnet-3.1.11.so

其它 apk 分析：(libsgmain.so)应用名：MainPlugin

包名：com.alibaba.wireless.security.mainplugin

MD5 ：0af0264e5bc6c858f491644a8207ea31

版本：5.1.96

加固信息 : 未加固详细信息所有者: CN=Alibaba, OU=Alibaba, O=WirelessSecurity, L=HangZhou, ST=ZheJiang, C=CN发布者: CN=Alibaba, OU=Alibaba, O=WirelessSecurity, L=HangZhou, ST=ZheJiang, C=CN序列号: 360b09ce有效期开始日期: Tue Dec 22 15:28:26 CST 2015, 截止日期: Wed Sep 24 15:28:26 CST 2070证书指纹:MD5: 18:D1:9F:89:7E:B3:00:FD:24:C7:60:82:43:9F:75:32SHA1: 09:6E:E5:04:E8:86:25:18:BE:2A:16:6C:93:F9:D7:9E:F3:95:36:65SHA256: A3:3C:43:56:99:EC:C2:29:AE:BB:7C:24:1A:FA:84:4D:67:39:05:A2:9A:57:ED:46:D2:CF:A5:93:E4:8B:97:99签名算法名称: SHA256withRSA版本: 3

扩展:

#1: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: EE 9D 52 04 DC 77 27 8A D0 84 39 98 7F 59 05 7F ..R..w'...9..Y..0010: 6C B7 AB A2 l...]]

本文由职坐标整理并发布，希望对同学们有所帮助。了解更多详情请关注职坐标编程语言C/C+频道！