Security Analysis Report: exc v16.19.0

Security Score

Security score: 48/100

Privacy Risk

2 user/device trackers


Findings

High: 2
Medium: 20
Info: 1
Secure: 1
Hotspot: 0

High: The file is world-readable. Any application can read the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/blackhub/bronline/game/core/preferences/Preferences.java, line(s) 63

High: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/sdkit/paylib/paylibnative/ui/screens/webpayment/a.java, line(s) 372,367

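Medium: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default is "true". For applications targeting API level 28 or higher, the default is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection: a network attacker can eavesdrop on the transmitted data and can modify it without being detected.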

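Medium: Service (com.blackhub.bronline.launcher.network.MyFirebaseMessagingService) is not protected.

[android:exported=true]
The Service is shared with other applications on the device and is therefore accessible to any other application on the device.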

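Medium: Activity (com.blackhub.bronline.game.core.JNIActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.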

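Medium: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.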

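Medium: Content Provider (io.appmetrica.analytics.internal.PreloadInfoContentProvider) is not protected.

[android:exported=true]
The Content Provider is shared with other applications on the device and is therefore accessible to any other application on the device.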

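Medium: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
The Service is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.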

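Medium: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.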

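Medium: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.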

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
coil/decode/SvgDecoder.java, line(s) 38
coil/memory/MemoryCache.java, line(s) 139
coil/memory/MemoryCacheService.java, line(s) 48
coil/request/Parameters.java, line(s) 187
com/blackhub/bronline/BuildConfig.java, line(s) 22,24
com/blackhub/bronline/common/AnalyticEngineYandexAppMetricaKt.java, line(s) 10
com/blackhub/bronline/game/GUIManagerKt.java, line(s) 13,10,16
com/blackhub/bronline/game/core/constants/CommonKeys.java, line(s) 13,16,19,25,28,31,34
com/blackhub/bronline/game/gui/activetask/ActiveTaskKeys.java, line(s) 13,16,22,25,19,28
com/blackhub/bronline/game/gui/admintools/AdminToolsKeys.java, line(s) 16,40,43,46,49,13,19,28,22,25,34,55,52,37,31
com/blackhub/bronline/game/gui/blackpass/utils/BlackPassKeys.java, line(s) 133,106
com/blackhub/bronline/game/gui/blackpassbanner/BlackPassBannerConstantsKt.java, line(s) 11
com/blackhub/bronline/game/gui/bprewards/BpRewardsKeys.java, line(s) 56,39,16,19,30,45,48,33,42,65,26,51,62
com/blackhub/bronline/game/gui/brsimbanner/BrSimBannerConstants.java, line(s) 27,16,13
com/blackhub/bronline/game/gui/calendar/CalendarKeys.java, line(s) 58,37,28,31,40,25,61,43,55,52,19,13,22,16
com/blackhub/bronline/game/gui/cases/CasesKeys.java, line(s) 19,52,58,25,46,13,16,43,22,40,37,55,28,34,49
com/blackhub/bronline/game/gui/catchstreamer/CatchStreamerKeys.java, line(s) 13,19,22,25,28,31,37,40,16
com/blackhub/bronline/game/gui/chat/ChatKeys.java, line(s) 19,16
com/blackhub/bronline/game/gui/chooseserver/ChooseServerGuiFragmentKt.java, line(s) 11
com/blackhub/bronline/game/gui/clicker/ClickerKeys.java, line(s) 25,19,16,22,28
com/blackhub/bronline/game/gui/craft/CraftKeys.java, line(s) 46,13,31,37,61,49,19,25,55,64,40,34,52,43,58,28,22,67
com/blackhub/bronline/game/gui/craft/model/response/CraftItemCategoryFilter.java, line(s) 99
com/blackhub/bronline/game/gui/electric/utils/ElectricKeys.java, line(s) 13,16
com/blackhub/bronline/game/gui/entertainmentsystem/utils/EntertainmentConstants.java, line(s) 69
com/blackhub/bronline/game/gui/fishing/FishingKeys.java, line(s) 13
com/blackhub/bronline/game/gui/fractions/Const.java, line(s) 33,36,198,165
com/blackhub/bronline/game/gui/fractions/network/FractionActionsWithJSON.java, line(s) 134,150,38
com/blackhub/bronline/game/gui/fuelfill/utils/FuelFilUtils.java, line(s) 34
com/blackhub/bronline/game/gui/gasmangame/GasmanConstants.java, line(s) 25,45,13,29
com/blackhub/bronline/game/gui/gifts/GiftsKeys.java, line(s) 19,31,13,22,25,34,28,37,16
com/blackhub/bronline/game/gui/halloweenaward/HalloweenAwardKeys.java, line(s) 13,22,28,16,25,19
com/blackhub/bronline/game/gui/holidayevents/HolidayEventsKeys.java, line(s) 25,13,46,49,16,55,19,22,31,43,52,40,58
com/blackhub/bronline/game/gui/interactionwithnpc/InteractionWithNpcButtonModel.java, line(s) 82
com/blackhub/bronline/game/gui/interactionwithnpc/InteractionWithNpcKeys.java, line(s) 19,16,22,28,31,25,34
com/blackhub/bronline/game/gui/marketplace/MarketplaceKeys.java, line(s) 82,58,61,76,25,28,31,64,103,100,49,52,43,22,34,70,46,73,40,37,91,88,16,19,85,106,109,112,67,97,55,94,121,79,115,118
com/blackhub/bronline/game/gui/menu/MenuDictionary.java, line(s) 44,48
com/blackhub/bronline/game/gui/menupausesettingandmap/NativeKeys.java, line(s) 19,28
com/blackhub/bronline/game/gui/minigameshelper/MiniGamesHelperKeys.java, line(s) 58,40,13,37,31,28,16,61,64,43,49,52,55,34,46,67
com/blackhub/bronline/game/gui/moduledialog/ModuleDialogKeys.java, line(s) 13,16,19,25,28
com/blackhub/bronline/game/gui/panelinfo/PanelInfoKeys.java, line(s) 13,16,19,25
com/blackhub/bronline/game/gui/plates/PlatesKeys.java, line(s) 13,16,22,28,31,25,34
com/blackhub/bronline/game/gui/rateapp/RateAppAnalyticsKeys.java, line(s) 19,22,28
com/blackhub/bronline/game/gui/rateapp/RateAppKeys.java, line(s) 19,13
com/blackhub/bronline/game/gui/rating/RatingKeys.java, line(s) 31,28,13,22,16,34,25
com/blackhub/bronline/game/gui/rent/RentKeys.java, line(s) 13
com/blackhub/bronline/game/gui/spawnlocation/SpawnLocationUtils.java, line(s) 25
com/blackhub/bronline/game/gui/taxi/TaxiKeys.java, line(s) 13,16,19,22,43,28,31,34,40,37
com/blackhub/bronline/game/gui/taxiorder/TaxiOrderKeys.java, line(s) 13,25,16,22,31,19,43,52,37,40,49,55,46,28
com/blackhub/bronline/game/gui/taxirating/TaxiRatingKeys.java, line(s) 19,16
com/blackhub/bronline/game/gui/tutorialhints/TutorialKeys.java, line(s) 22,16,25,19,34,28,46,37,40,43,31
com/blackhub/bronline/game/gui/upgradeobjectevent/UpgradeObjectEventKeys.java, line(s) 28,64,70,76,73,34,37,16,19,67,25,46,52,58,61,31,13,40,22,43,49,55
com/blackhub/bronline/game/gui/videoplayer/VideoPlayerKeys.java, line(s) 16,19,22
com/blackhub/bronline/game/gui/woundsystem/utils/WoundSystemConst.java, line(s) 37
com/blackhub/bronline/launcher/LauncherConstants.java, line(s) 30
com/blackhub/bronline/launcher/network/Auth.java, line(s) 138
com/blackhub/bronline/launcher/network/Prize.java, line(s) 118
com/blackhub/bronline/launcher/network/Server.java, line(s) 183
com/sdkit/paylib/paylibpayment/impl/domain/network/response/invoice/UserActionsJson.java, line(s) 78
io/appmetrica/analytics/impl/A0.java, line(s) 41
io/appmetrica/analytics/impl/C0247c0.java, line(s) 17
io/appmetrica/analytics/impl/C0326f4.java, line(s) 60
io/appmetrica/analytics/impl/C0400c0.java, line(s) 17
io/appmetrica/analytics/impl/C0479f4.java, line(s) 61
io/appmetrica/analytics/impl/D4.java, line(s) 128
io/appmetrica/analytics/impl/Fg.java, line(s) 120
io/ktor/client/request/forms/FormPart.java, line(s) 77
io/ktor/http/auth/HttpAuthHeader.java, line(s) 61,79
io/ktor/util/PlatformUtilsJvmKt.java, line(s) 11
org/jfrog/build/client/PreemptiveHttpClientBuilder.java, line(s) 152
org/jfrog/build/extractor/clientConfiguration/ClientConfigurationFields.java, line(s) 11,40,41,42,32,44
ru/rustore/sdk/billingclient/BuildConfig.java, line(s) 11
ru/rustore/sdk/core/BuildConfig.java, line(s) 8,7
ru/rustore/sdk/core/config/SdkType.java, line(s) 26

Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/pierfrancescosoffritti/androidyoutubeplayer/core/player/views/WebViewYouTubePlayer.java, line(s) 124,121
ru/rustore/sdk/billingclient/impl/presentation/auth/d.java, line(s) 154,155
ru/rustore/sdk/billingclient/impl/presentation/auth/g.java, line(s) 47,48

Medium: The application can read/write external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/blackhub/bronline/game/core/AppLocalValues.java, line(s) 37
com/blackhub/bronline/game/core/JNIActivity.java, line(s) 224
com/blackhub/bronline/game/core/utils/BitmapUtilsKt.java, line(s) 92,127,190
com/blackhub/bronline/game/core/utils/UtilsKt.java, line(s) 444
com/blackhub/bronline/launcher/fragments/InitializationFragment.java, line(s) 146,300,456
com/blackhub/bronline/launcher/fragments/LoaderFragment.java, line(s) 290,397,642
com/blackhub/bronline/launcher/fragments/MainFragment.java, line(s) 524

Medium: The application creates temporary files. Sensitive information should never be written to a temporary file.

Files:
coil/decode/SourceImageSource.java, line(s) 158
com/blackhub/bronline/game/core/utils/UtilsKt.java, line(s) 452

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/blackhub/bronline/game/core/utils/payment/UtilsKt.java, line(s) 5,6,7,40
io/appmetrica/analytics/coreutils/internal/db/DBUtils.java, line(s) 5,40
io/appmetrica/analytics/impl/C0701uj.java, line(s) 3,10
io/appmetrica/analytics/impl/C0854uj.java, line(s) 3,10
io/appmetrica/analytics/impl/M6.java, line(s) 7,103,111,163,279
io/appmetrica/analytics/impl/P6.java, line(s) 3,10,11,12,13
io/appmetrica/analytics/impl/Q6.java, line(s) 3,10,11,12,13
io/appmetrica/analytics/impl/R6.java, line(s) 3,10
io/appmetrica/analytics/impl/S6.java, line(s) 3,10
io/appmetrica/analytics/impl/T6.java, line(s) 3,10
io/appmetrica/analytics/impl/U6.java, line(s) 3,10
io/appmetrica/analytics/impl/V6.java, line(s) 3,13,14,15,20
io/appmetrica/analytics/impl/W6.java, line(s) 3,13,14,15,20
io/appmetrica/analytics/impl/X4.java, line(s) 4,56,75,81
ru/rustore/sdk/metrics/internal/B.java, line(s) 4,58
ru/rustore/sdk/metrics/internal/C0081o.java, line(s) 4,5,21
ru/rustore/sdk/metrics/internal/C1045o.java, line(s) 4,5,22
ru/rustore/sdk/metrics/internal/I.java, line(s) 4,63
ru/rustore/sdk/metrics/internal/T.java, line(s) 5,42

Medium: MD5 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
io/appmetrica/analytics/impl/AbstractC0797yi.java, line(s) 7
io/appmetrica/analytics/impl/AbstractC0950yi.java, line(s) 7
io/appmetrica/analytics/impl/L7.java, line(s) 47
io/ktor/client/plugins/cache/storage/FileCacheStorage.java, line(s) 73

Medium: IP address disclosure

Files:
com/blackhub/bronline/game/core/JNIActivity.java, line(s) 505,509,534,534
com/blackhub/bronline/game/core/viewmodel/JNIActivityViewModel.java, line(s) 761,761,762,762
com/blackhub/bronline/game/gui/chooseserver/ChooseServerGuiFragment.java, line(s) 489
com/sdkit/paylib/paylibsdk/client/domain/DefaultPaylibClientInfoProvider.java, line(s) 61

Medium: The application uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/blackhub/bronline/game/gui/legacy/BrDialogDance.java, line(s) 38
com/blackhub/bronline/game/gui/legacy/BrDialogHack.java, line(s) 21
com/blackhub/bronline/game/gui/legacy/BrDialogSawmill.java, line(s) 19
com/blackhub/bronline/game/gui/legacy/BrDialogWires.java, line(s) 30
com/blackhub/bronline/game/gui/minigameevents/UILayoutMiniGameEventsGameFinger.java, line(s) 23

Medium: SHA-1 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
io/appmetrica/analytics/impl/E3.java, line(s) 48
io/ktor/util/CryptoKt__CryptoJvmKt.java, line(s) 53

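Medium: Firebase Remote Config is enabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/275832165365/namespaces/firebase:fetch?key=AIzaSyD-7ij141pdq6bTcAKxkj3ap9TolwN35R0 ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below: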

{
    "entries": {
        "cdn_code_version_release": "0",
        "cdn_url_release": "https://main.test.blackrussian.games/",
        "configs": "[   {     \"androidVersion\": 777,     \"iosVersion\": 777,     \"pcVersion\": 777,     \"cdnUrl\": \"https://main.test.blackrussian.games/\",     \"cdnLogin\": \"login\",     \"cdnPass\": \"password\",     \"apiUrl\": \"https://jsons.dev.blackrussian.games/\",     \"apiLogin\": \"login\",     \"apiPass\": \"password\",     \"testServers\": [       {         \"testServerIp\": \"server.ip.1\",         \"testServerPort\": \"111\"       },       {         \"testServerIp\": \"server.ip.2\",         \"testServerPort\": \"222\"       }     ]   },   {     \"androidVersion\": 888,     \"iosVersion\": 888,     \"pcVersion\": 888,     \"cdnUrl\": \"https://main.test.blackrussian.games/\",     \"cdnLogin\": \"login\",     \"cdnPass\": \"password\",     \"apiUrl\": \"https://jsons.dev.blackrussian.games/\",     \"apiLogin\": \"login\",     \"apiPass\": \"password\",     \"testServers\": [       {         \"testServerIp\": \"server.ip.1\",         \"testServerPort\": \"111\"       },       {         \"testServerIp\": \"server.ip.2\",         \"testServerPort\": \"222\"       }     ]   } ]",
        "isKakos_1_17_0": "false",
        "kakosIp": "80.66.82.19",
        "kakosPort": "7010",
        "showSIM": "true",
        "showTanpinButton": "true",
        "tempSimCard": "true",
        "urlValidationPayment": "https://api.blackrussia.online/appstore/transaction/process"
    },
    "state": "UPDATE",
    "templateVersion": "347"
}

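Medium: The application contains privacy trackers

This application contains 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.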

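Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not secrets or private information.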
"google_api_key" : "AIzaSyD-7ij141pdq6bTcAKxkj3ap9TolwN35R0"
"com.google.firebase.crashlytics.mapping_file_id" : "877c2d5e087f4acc8ca837d0cf86bd98"
"google_crash_reporting_api_key" : "AIzaSyD-7ij141pdq6bTcAKxkj3ap9TolwN35R0"
"google_app_id" : "1:275832165365:android:a8d5d9600fe1eb392a86bc"

Info: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/blackhub/bronline/game/core/JNIJSONTransport.java, line(s) 94
com/blackhub/bronline/game/core/utils/DateFormatter.java, line(s) 94
com/blackhub/bronline/game/core/utils/UtilsKt.java, line(s) 165,181,195,213
com/blackhub/bronline/game/core/utils/payment/rustore/PaymentLogger.java, line(s) 32,33,39,45,51,57,38,44,50,56
com/blackhub/bronline/game/gui/donate/adapters/DonateTileAdapter.java, line(s) 525
com/blackhub/bronline/game/gui/donate/ui/UILayoutDonateServices.java, line(s) 372
com/blackhub/bronline/game/gui/fractions/GUIFractionSystem.java, line(s) 384
com/blackhub/bronline/game/gui/fractions/network/FractionActionsWithJSON.java, line(s) 38,53,70,86,102,118,134,150
com/blackhub/bronline/game/gui/fractions/viewmodel/FractionsControlViewModel.java, line(s) 255
com/blackhub/bronline/game/gui/fractions/viewmodel/FractionsMainViewModel.java, line(s) 152
com/blackhub/bronline/game/gui/legacy/BrDialogDance.java, line(s) 186,187,191
com/blackhub/bronline/game/gui/smieditor/GUISmiEditor.java, line(s) 368
com/blackhub/bronline/game/gui/socialaction/GUISocialInteraction.java, line(s) 166,372
com/blackhub/bronline/game/gui/socialaction/SocialUtilsKt.java, line(s) 11
com/blackhub/bronline/game/gui/spawnlocation/GUISpawnLocation.java, line(s) 240
com/blackhub/bronline/launcher/GLSurfaceViewForExtensions.java, line(s) 43,49
com/blackhub/bronline/launcher/download/DownloadWorker$special$$inlined$CoroutineExceptionHandler$1.java, line(s) 29
com/blackhub/bronline/launcher/network/MyFirebaseMessagingService.java, line(s) 44,50,53
com/caverock/androidsvg/CSSParser.java, line(s) 1033,368
com/caverock/androidsvg/SVG.java, line(s) 366
com/caverock/androidsvg/SVGAndroidRenderer.java, line(s) 117,353,1383,173,179,349
com/caverock/androidsvg/SVGImageView.java, line(s) 120,127,153,171,193,223
com/caverock/androidsvg/SVGParser.java, line(s) 601,625,645,947,512,630,2959,2996,3013
com/caverock/androidsvg/SimpleAssetResolver.java, line(s) 41,55,70
com/gcssloop/widget/PagerConfig.java, line(s) 43,37
com/gcssloop/widget/PagerGridLayoutManager.java, line(s) 438,442,474,478
com/samsung/android/sdk/pass/Spass.java, line(s) 53
com/samsung/android/sdk/pass/SpassFingerprint.java, line(s) 131,134,217,305,310,206,211,231,314,405,629,147,182,345,356,570,651
com/samsung/android/sdk/pass/d.java, line(s) 15
com/samsung/android/sdk/pass/support/SdkSupporter.java, line(s) 32
com/samsung/android/sdk/pass/support/v1/FingerprintManagerProxyFactory.java, line(s) 73
io/appmetrica/analytics/logger/common/impl/a.java, line(s) 19
io/ktor/client/plugins/logging/SimpleLogger.java, line(s) 13
io/ktor/http/parsing/DebugKt.java, line(s) 91
io/ktor/util/CoroutinesUtilsKt.java, line(s) 28,34
org/jfrog/build/extractor/clientConfiguration/util/GitUtils.java, line(s) 218
org/jfrog/build/extractor/issuesCollection/IssuesCollector.java, line(s) 129,97
org/jfrog/filespecs/aql/AqlBuildingUtils.java, line(s) 144
ru/rustore/sdk/analytics/AnalyticsEventProvider.java, line(s) 91
ru/rustore/sdk/billingclient/impl/presentation/auth/f.java, line(s) 50
ru/rustore/sdk/billingclient/impl/presentation/auth/i.java, line(s) 56
ru/rustore/sdk/billingclient/impl/presentation/handler/a.java, line(s) 41
ru/rustore/sdk/core/util/ContextExtKt.java, line(s) 69
ru/rustore/sdk/remoteconfig/internal/C0126p.java, line(s) 96,100,113,127
ru/rustore/sdk/remoteconfig/internal/C0128q.java, line(s) 42,79,101,105,118,132,173,197
ru/rustore/sdk/remoteconfig/internal/C1090p.java, line(s) 97,101,114,128
ru/rustore/sdk/remoteconfig/internal/C1092q.java, line(s) 43,80,102,106,119,133,174,198

Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/blackhub/bronline/launcher/di/NetworkModule.java, line(s) 104,118,213,235,104,118,213,235
com/sdkit/paylib/paylibnetwork/impl/domain/c.java, line(s) 21,28
com/sdkit/paylib/paylibnetwork/impl/domain/h.java, line(s) 169,90,87,89,89
com/sdkit/paylib/paylibnetwork/impl/ssl/CompositeX509TrustManager.java, line(s) 128,127,61,126,126
com/sdkit/paylib/paylibnetwork/impl/ssl/CompositeX509TrustManagerApi24.java, line(s) 209,208,141,207,207
ru/rustore/sdk/remoteconfig/internal/C0126p.java, line(s) 85,84,64,83,83
ru/rustore/sdk/remoteconfig/internal/C0128q.java, line(s) 90,89,71,88,88
ru/rustore/sdk/remoteconfig/internal/C1090p.java, line(s) 86,85,65,84,84
ru/rustore/sdk/remoteconfig/internal/C1092q.java, line(s) 91,90,72,89,89
