Security score: 43/100
Privacy risk: 0 user/device trackers
Findings
High: 6
Medium: 16
Info: 3
Secure: 2
Hotspot: 3
High: Use of a weak encryption algorithm
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/xxxx/statter/MainActivity.java, line(s) 653 com/xxxx/statter/utils/walletutils/EncryptUtil.java, line(s) 80,91,102,113
High: The application uses ECB mode in a cryptographic algorithm. ECB is a known weak mode because it produces the same ciphertext for identical plaintext blocks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/subgraph/orchid/crypto/TorStreamCipher.java, line(s) 76 org/bitcoinj/crypto/BIP38PrivateKey.java, line(s) 100,127 org/tron/common/crypto/SymmEncoder.java, line(s) 39,50
High: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/xxxx/statter/utils/downloader/core/task/GetFileInfoTask.java, line(s) 66,17,18,19,20,21
High: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/xxxx/statter/dapps/activity/DappWebViewActivity.java, line(s) 645,644
High: Insufficiently strict WebView domain control vulnerability
Files: com/xxxx/statter/dapps/activity/DappWebViewActivity.java, line(s) 302,293
High: The application uses CBC mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/xxxx/statter/mine/dialog/FingerprintDialog.java, line(s) 117
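Medium: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on the transmitted data and can also modify it without being detected.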
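Medium: Application data can be backed up
[android:allowBackup=true] This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.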
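Medium: Activity has the TaskAffinity attribute set
(com.xxxx.statter.wc.activity.WCAuthorizedActivity) If taskAffinity is set, other applications may be able to read Intents sent to an Activity that belongs to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting, which keeps the affinity as the package name.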
Medium: Activity (com.xxxx.statter.login.activity.AuthorizationActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device, so it can be accessed by any other application on the device.
Medium: Activity (com.xxxx.statter.MainActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device, so it can be accessed by any other application on the device.
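Medium: Data SMS receiver is set on port 8888
[android:port] A binary SMS receiver is configured to listen on a port. Binary SMS messages sent to the device are processed by the application in whatever way the developer chooses. The data in such an SMS should be properly validated by the application. In addition, the application should assume that a received SMS comes from an untrusted source.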
Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/xxxx/statter/db/MigrationHelper.java, line(s) 5,186 com/xxxx/statter/db/compile/AccountInformationEntityDao.java, line(s) 4,38 com/xxxx/statter/db/compile/AddressBookEntityDao.java, line(s) 4,37 com/xxxx/statter/db/compile/AddressTokenListEntityDao.java, line(s) 4,71 com/xxxx/statter/db/compile/AnnouncementEntityDao.java, line(s) 4,38 com/xxxx/statter/db/compile/CoinsTypeEntityDao.java, line(s) 4,60 com/xxxx/statter/db/compile/DappCollectEntityDao.java, line(s) 4,39 com/xxxx/statter/db/compile/DappRecentlyEntityDao.java, line(s) 4,37 com/xxxx/statter/db/compile/MiningTaxEntityDao.java, line(s) 4,34 com/xxxx/statter/db/compile/PopularTokenListEntityDao.java, line(s) 4,50 com/xxxx/statter/db/compile/RedemptionEntityDao.java, line(s) 4,35 com/xxxx/statter/db/compile/SearchRecordEntityDao.java, line(s) 4,34 com/xxxx/statter/db/compile/TokenDetailsEntityDao.java, line(s) 4,44 com/xxxx/statter/db/compile/TokenListEntityDao.java, line(s) 4,51 com/xxxx/statter/db/compile/TokenRecordListEntityDao.java, line(s) 4,79 com/xxxx/statter/db/compile/TransactionRecordEntityDao.java, line(s) 4,71 com/xxxx/statter/db/compile/TranslationListEntityDao.java, line(s) 4,46 com/xxxx/statter/db/compile/UserEntityDao.java, line(s) 4,40 com/xxxx/statter/db/compile/WalletListEntityDao.java, line(s) 4,47 com/xxxx/statter/utils/downloader/db/DefaultDownloadDBController.java, line(s) 5,97 com/xxxx/statter/utils/downloader/db/DefaultDownloadHelper.java, line(s) 4,5,29 net/sqlcipher/database/SQLiteDatabase.java, line(s) 1519,1538,868 org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,117 org/greenrobot/greendao/DbUtils.java, line(s) 6,15 org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,15
Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/trustwallet/walletconnect/WCSessionStoreType.java, line(s) 16 com/trustwallet/walletconnect/models/session/WCSession.java, line(s) 75 com/walletconnect/android/internal/common/jwt/did/EncodeDidJwtPayloadUseCase.java, line(s) 66 com/walletconnect/android/internal/common/model/Participants.java, line(s) 57 com/walletconnect/android/internal/common/model/SessionProposer.java, line(s) 55 com/walletconnect/android/internal/common/model/WalletConnectUri.java, line(s) 75 com/walletconnect/android/internal/common/model/params/CoreSignParams.java, line(s) 60 com/walletconnect/android/internal/common/model/params/PushParams.java, line(s) 78 com/walletconnect/android/keyserver/model/KeyServerResponse.java, line(s) 52 com/walletconnect/android/sync/client/Sync.java, line(s) 470,384 com/walletconnect/android/sync/common/json_rpc/SyncParams.java, line(s) 120,67 com/walletconnect/android/sync/common/model/SyncUpdate.java, line(s) 137,67 com/walletconnect/foundation/util/jwt/JwtUtilsKt.java, line(s) 33 com/walletconnect/sign/client/Sign.java, line(s) 2443,2517,225 com/walletconnect/sign/common/model/vo/clientsync/common/SessionParticipantVO.java, line(s) 56 com/walletconnect/sign/common/model/vo/proposal/ProposalVO.java, line(s) 114 com/walletconnect/sign/common/model/vo/sequence/SessionVO.java, line(s) 194,194 com/walletconnect/sign/engine/model/EngineDO.java, line(s) 166 com/xxxx/common/Global.java, line(s) 4 com/xxxx/statter/Global.java, line(s) 5 com/xxxx/statter/GlobalWallet.java, line(s) 36,76,80 com/xxxx/statter/dapps/entity/ContractWithdrawTradebody.java, line(s) 19 com/xxxx/statter/dapps/entity/DappTransfer.java, line(s) 15 com/xxxx/statter/dapps/entity/Find.java, line(s) 26 com/xxxx/statter/home/entity/CreateContractTradeBody.java, line(s) 29 com/xxxx/statter/home/entity/MinePledgeTradeBody.java,
line(s) 20,24 com/xxxx/statter/home/entity/MineTaxTradeBody.java, line(s) 19,31 com/xxxx/statter/mine/entity/ContractToContractTradeBody.java, line(s) 19 com/xxxx/statter/utils/storagechooser/utils/DiskUtil.java, line(s) 16 com/xxxx/statter/utils/tron/security/Constants.java, line(s) 8,9,10 com/xxxx/statter/utils/walletutils/RSAUtils.java, line(s) 19,20 com/xxxx/statter/utils/walletutils/TradeBody.java, line(s) 23 com/xxxx/statter/wc/WC2SessionUtils.java, line(s) 75 org/bitcoinj/crypto/EncryptedData.java, line(s) 31 org/bitcoinj/crypto/TrustStoreLoader.java, line(s) 13 org/bitcoinj/store/LevelDBBlockStore.java, line(s) 21 org/kethereum/model/ECKeyPair.java, line(s) 57 org/kethereum/model/PrivateKey.java, line(s) 36 org/web3j/ens/contracts/generated/PublicResolver.java, line(s) 44,49
Medium: The application can read/write to external storage. Any application can read data written to external storage.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/github/mikephil/charting/charts/Chart.java, line(s) 726,741 com/github/mikephil/charting/utils/FileUtils.java, line(s) 23,118 com/xxxx/statter/customview/videoselect/activity/ImagePickerActivity.java, line(s) 354 com/xxxx/statter/customview/zxing/activity/CaptureActivity.java, line(s) 450,493 com/xxxx/statter/utils/FileUtil.java, line(s) 350 com/xxxx/statter/utils/SDCardUtil.java, line(s) 24,28 com/xxxx/statter/utils/storagechooser/StorageChooser.java, line(s) 91 com/xxxx/statter/utils/storagechooser/fragments/ChooserDialogFragment.java, line(s) 140,152 com/xxxx/statter/utils/storagechooser/fragments/SecondaryChooserFragment.java, line(s) 475,476 jp/co/cyberagent/android/gpuimage/GPUImage.java, line(s) 321 jp/co/cyberagent/android/gpuimage/GPUImageView.java, line(s) 384
Medium: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/kenai/jffi/internal/StubLoader.java, line(s) 285 com/lambdaworks/jni/JarLibraryLoader.java, line(s) 31 com/security/shell/h.java, line(s) 42 jnr/unixsocket/Common.java, line(s) 45 org/bitcoinj/wallet/Wallet.java, line(s) 1022 org/bitcoinj/wallet/WalletFiles.java, line(s) 90 org/junit/rules/TemporaryFolder.java, line(s) 41,79
Medium: MD5 is a weak hash known to have hash collisions
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/xxxx/statter/utils/walletutils/EncryptUtil.java, line(s) 71 com/xxxx/statter/utils/walletutils/KeysUtils.java, line(s) 41
Medium: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/lambdaworks/crypto/SCryptUtil.java, line(s) 36 com/subgraph/orchid/crypto/HybridEncryption.java, line(s) 20 com/subgraph/orchid/crypto/PRNGFixes.java, line(s) 68,72 com/subgraph/orchid/crypto/TorRandom.java, line(s) 12 com/subgraph/orchid/data/RandomSet.java, line(s) 18 com/xxxx/statter/utils/walletutils/EncryptUtil.java, line(s) 157 org/java_websocket/drafts/Draft_6455.java, line(s) 487
Medium: IP address disclosure
Files: com/subgraph/orchid/dashboard/Dashboard.java, line(s) 34 com/subgraph/orchid/data/exitpolicy/Network.java, line(s) 8 com/xxxx/common/config/sp/SPTest.java, line(s) 7 com/xxxx/common/http/GetAPIManager.java, line(s) 9,10,11 com/xxxx/statter/GlobalWallet.java, line(s) 13 com/xxxx/statter/http/AppGetAPIManager.java, line(s) 83,81,84,82,74,72,85 org/bitcoinj/core/PeerAddress.java, line(s) 80 org/bitcoinj/core/PeerGroup.java, line(s) 931
Medium: The application uses an insecure random number generator
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/hjq/permissions/PermissionFragment.java, line(s) 12 com/tinder/scarlet/retry/ExponentialWithJitterBackoffStrategy.java, line(s) 3 com/xxxx/statter/WelcomeActivity.java, line(s) 25 com/xxxx/statter/home/activity/TokenWithdrawActivity.java, line(s) 43 com/xxxx/statter/home/activity/TransferActivity.java, line(s) 102 com/xxxx/statter/utils/DataUtil.java, line(s) 10 com/xxxx/statter/wc/dialog/EthSendTansactionDialog.java, line(s) 46 org/bitcoinj/core/TransactionBroadcast.java, line(s) 11 org/greenrobot/greendao/test/DbTest.java, line(s) 7 org/java_websocket/drafts/Draft_6455.java, line(s) 16
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may be present.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/xxxx/statter/dapps/activity/DappWebViewActivity.java, line(s) 298,295
Medium: This application may contain hardcoded secrets
The following secrets were identified in the application. Ensure that these are not secrets or private information. "password" : "Password" "library_android_database_sqlcipher_authorWebsite" : "https://www.zetetic.net/sqlcipher/" "authorization" : "Authorization"
Info: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/github/mikephil/charting/charts/BarChart.java, line(s) 69 com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 271,282,297,303,462,466 com/github/mikephil/charting/charts/Chart.java, line(s) 374,188,206,350,851,855,859 com/github/mikephil/charting/charts/CombinedChart.java, line(s) 79 com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 149,90,94 com/github/mikephil/charting/components/AxisBase.java, line(s) 157 com/github/mikephil/charting/data/ChartData.java, line(s) 263 com/github/mikephil/charting/data/CombinedData.java, line(s) 205,212,219 com/github/mikephil/charting/data/LineDataSet.java, line(s) 106,119 com/github/mikephil/charting/data/PieEntry.java, line(s) 61,67 com/github/mikephil/charting/listener/BarLineChartTouchListener.java, line(s) 318 com/github/mikephil/charting/renderer/CombinedChartRenderer.java, line(s) 107 com/github/mikephil/charting/renderer/ScatterChartRenderer.java, line(s) 58 com/github/mikephil/charting/utils/FileUtils.java, line(s) 45,69,95,109,123,134,150,169,182 com/github/mikephil/charting/utils/Utils.java, line(s) 51,70,79 com/hyy/highlightpro/HighlightProImpl.java, line(s) 128 com/hyy/highlightpro/view/MaskContainer.java, line(s) 201 com/kenai/constantine/ConstantSet.java, line(s) 160,163,164,165,166,167 com/kenai/constantine/platform/ConstantResolver.java, line(s) 185 com/kenai/jffi/Main.java, line(s) 13,6,8,9,10,11 com/shizhefei/view/largeimage/BlockImageLoader.java, line(s) 96,107,145,166,237,460,478,493,500,545,559,585,607,627,679,712,732 com/subgraph/orchid/TorClient.java, line(s) 201,206 com/subgraph/orchid/directory/router/RouterDescriptorImpl.java, line(s) 279,287,296,299 com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 86,43 com/trustwallet/walletconnect/WCClient.java, line(s) 276,300,302,338,348,358,534,545,562
com/walletconnect/android/internal/common/signing/eip1271/EIP1271Verifier.java, line(s) 54,57 com/walletconnect/foundation/di/FoundationCommonModuleKt.java, line(s) 81,91,96,106 com/xxxx/common/base/activity/BaseActivity.java, line(s) 497,510 com/xxxx/common/base/fragment/BaseFragment.java, line(s) 258,271 com/xxxx/common/old_adapter/SuperAdapter.java, line(s) 69,84 com/xxxx/common/old_adapter/internal/BaseSuperAdapter.java, line(s) 221 com/xxxx/common/utils/LanguageUtil.java, line(s) 48 com/xxxx/common/utils/pulllocamoderecyclerview/PullLoadMoreRecyclerView.java, line(s) 259 com/xxxx/statter/WalletConnectkt.java, line(s) 42 com/xxxx/statter/customview/zxing/activity/CaptureActivity.java, line(s) 221,249,259,262 com/xxxx/statter/customview/zxing/camera/AutoFocusManager.java, line(s) 34,55,68,92 com/xxxx/statter/customview/zxing/camera/CameraConfigurationManager.java, line(s) 32,41,42,62,104,112,131,139,144,59,64,70,88 com/xxxx/statter/customview/zxing/camera/CameraManager.java, line(s) 61,60,69 com/xxxx/statter/customview/zxing/camera/PreviewCallback.java, line(s) 31 com/xxxx/statter/customview/zxing/camera/open/OpenCameraInterface.java, line(s) 28,35,12,32 com/xxxx/statter/customview/zxing/camera/utils/BeepManager.java, line(s) 72 com/xxxx/statter/customview/zxing/camera/utils/InactivityTimer.java, line(s) 91,41,47 com/xxxx/statter/customview/zxing/qrcode/cuteqr/CuteR.java, line(s) 48,120,260,52,162,172,567,573 com/xxxx/statter/db/MigrationHelper.java, line(s) 224,84,173 com/xxxx/statter/db/compile/DaoMaster.java, line(s) 105,120 com/xxxx/statter/home/activity/TransferActivity.java, line(s) 2608 com/xxxx/statter/home/entity/ShowTable.java, line(s) 314,315,316,317,329,330 com/xxxx/statter/home/fragment/PrivateFileFragment.java, line(s) 160 com/xxxx/statter/home/utils/Hash.java, line(s) 25,40,52,63,74 com/xxxx/statter/utils/DateUtil.java, line(s) 429,435,437,251,252 com/xxxx/statter/utils/FileUtil.java, line(s) 354 
com/xxxx/statter/utils/biometric/BiometricPromptApi23.java, line(s) 80,88,96,104 com/xxxx/statter/utils/storagechooser/StorageChooser.java, line(s) 125,134,143 com/xxxx/statter/utils/storagechooser/adapters/StorageChooserListAdapter.java, line(s) 141 com/xxxx/statter/utils/storagechooser/filters/UniversalFileFilter.java, line(s) 130,137 com/xxxx/statter/utils/storagechooser/fragments/ChooserDialogFragment.java, line(s) 135,103 com/xxxx/statter/utils/storagechooser/fragments/SecondaryChooserFragment.java, line(s) 94,522,421 com/xxxx/statter/utils/storagechooser/utils/DiskUtil.java, line(s) 28 com/xxxx/statter/utils/walletutils/EncryptUtil.java, line(s) 136 com/xxxx/statter/utils/walletutils/KeysUtils.java, line(s) 26,58 com/xxxx/statter/wc/dialog/EthSendTansactionDialog.java, line(s) 395 jnr/a64asm/Assembler_A64.java, line(s) 185,188 jnr/constants/ConstantSet.java, line(s) 210 jp/co/cyberagent/android/gpuimage/GLTextureView.java, line(s) 304,318,482,981,559 jp/co/cyberagent/android/gpuimage/PixelBuffer.java, line(s) 51,60,64,94,96,98 jp/co/cyberagent/android/gpuimage/util/OpenGlUtils.java, line(s) 69,77,82,91 junit/runner/BaseTestRunner.java, line(s) 148 junit/runner/Version.java, line(s) 12 junit/textui/TestRunner.java, line(s) 88,112,137 me/jessyan/autosize/AutoSize.java, line(s) 169 me/jessyan/autosize/AutoSizeConfig.java, line(s) 108,125,134,199 me/jessyan/autosize/DefaultAutoAdaptStrategy.java, line(s) 21,31,34,15,28 me/jessyan/autosize/utils/AutoSizeLog.java, line(s) 23,35,29 me/jessyan/rxerrorhandler/handler/RetryWithDelay.java, line(s) 30 me/jessyan/rxerrorhandler/handler/RetryWithDelayOfFlowable.java, line(s) 30 net/sqlcipher/AbstractCursor.java, line(s) 237 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 49,97,138,164,175,185,203,108,119,223 net/sqlcipher/DatabaseUtils.java, line(s) 57,68,589,656 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 12,14,18,28,32 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 46,59,66,77 
net/sqlcipher/database/SQLiteContentHelper.java, line(s) 25 net/sqlcipher/database/SQLiteDatabase.java, line(s) 364,909,917,937,948 net/sqlcipher/database/SQLiteDebug.java, line(s) 8,9,10,11,12,13 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 168,189 net/sqlcipher/database/SQLiteProgram.java, line(s) 67,73 net/sqlcipher/database/SQLiteQuery.java, line(s) 43 net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 134,133 net/sqlcipher/database/SqliteWrapper.java, line(s) 34,44,54,64,74 org/bitcoinj/store/DatabaseFullPrunedBlockStore.java, line(s) 1018,1028,1046,1059 org/bitcoinj/store/LevelDBFullPrunedBlockStore.java, line(s) 897,307 org/greenrobot/eventbus/Logger.java, line(s) 33,38 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 185 org/greenrobot/greendao/AbstractDao.java, line(s) 281,682 org/greenrobot/greendao/DaoException.java, line(s) 28,29 org/greenrobot/greendao/DaoLog.java, line(s) 35,39,67,15,43,47,27,31,51,55,59,63 org/greenrobot/greendao/DbUtils.java, line(s) 88,30 org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 127 org/greenrobot/greendao/internal/LongHashMap.java, line(s) 132 org/greenrobot/greendao/query/QueryBuilder.java, line(s) 242,245 org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 55,57,47 org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 32,35 org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java, line(s) 304 org/greenrobot/greendao/test/DbTest.java, line(s) 85 org/java_websocket/AbstractWebSocket.java, line(s) 32,42,50,54,78,84 org/java_websocket/SSLSocketChannel.java, line(s) 320 org/java_websocket/WebSocketImpl.java, line(s) 255,346,468,543 org/java_websocket/server/WebSocketServer.java, line(s) 456,483,241,320 org/koin/android/logger/AndroidLogger.java, line(s) 58,68,70,62,66 org/objectweb/asm/commons/JSRInlinerAdapter.java, line(s) 198 org/objectweb/asm/util/CheckClassAdapter.java, line(s) 241,242 
org/tron/common/crypto/ECKey.java, line(s) 252 org/tron/common/crypto/Hash.java, line(s) 27,42,54,65,76 org/tron/common/crypto/SymmEncoder.java, line(s) 15,19,27,31 org/tron/common/utils/AbiUtil.java, line(s) 344 org/tron/keystore/StringUtils.java, line(s) 140,142,146,148 org/web3j/ens/contracts/generated/ENS.java, line(s) 152,186,218,250 org/web3j/ens/contracts/generated/PublicResolver.java, line(s) 232,264,296,328,360,394 org/web3j/protocol/core/filters/Filter.java, line(s) 77 org/web3j/utils/Async.java, line(s) 66 timber/log/Timber.java, line(s) 398,417
Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/xxxx/statter/dapps/activity/AdvancedContractActivity.java, line(s) 4,766 com/xxxx/statter/home/activity/ExportKeystoreWordsActivity.java, line(s) 4,128 com/xxxx/statter/home/activity/ExportMnemonicWordsActivity.java, line(s) 4,144 com/xxxx/statter/home/activity/ExportPrivateKeyWordsActivity.java, line(s) 4,133 com/xxxx/statter/home/activity/ExportSttPrivateStringActivity.java, line(s) 4,148 com/xxxx/statter/home/adapter/SelectWalletAdapter.java, line(s) 5,53 com/xxxx/statter/home/fragment/PrivateStringFragment.java, line(s) 4,120
Info: This application uses SQLCipher. SQLCipher provides 256-bit AES encryption for SQLite database files.
Files: net/sqlcipher/database/SupportHelper.java, line(s) 12,1 org/greenrobot/greendao/database/SqlCipherEncryptedHelper.java, line(s) 15,4,5
Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/walletconnect/android/CoreClient.java, line(s) 132,132 com/walletconnect/android/internal/common/di/KeyServerModuleKt.java, line(s) 86,86 com/xxxx/statter/http/RetrofitManager.java, line(s) 45,45,83
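Secure: This application has no privacy trackers
This application does not include any user or device trackers. No trackers were found during static analysis.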
Hotspot: The application may communicate with a server (echo.walletconnect.com) located in an OFAC-sanctioned country (China).
{'ip': '118.193.240.41', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Hotspot: The application may communicate with a server (info.chaindigg.com) located in an OFAC-sanctioned country (China).
{'ip': '120.53.206.239', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '青岛', 'latitude': '36.098610', 'longitude': '120.371941'}
Hotspot: The application may communicate with a server (apifox.com) located in an OFAC-sanctioned country (China).
{'ip': '120.27.226.76', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}