一拍即传 7.4.0版本 | 静态分析 _南明离火移动安全分析平台

温馨提示：本平台仅供研究软件风险、安全评估，禁止用于非法用途。由于展示的数据过于全面，请耐心等待加载完成。如有疑问或建议，可加入我们的微信群讨论

应用图标

文件信息

文件名称 us.pinguo.pat360.cameraman_7.4.0.apk
文件大小 89.96MB
MD5 214e0a3ed07e6f118aecfe4ea167b775
SHA1 5fae2dd6c5cdbd2c3a577c85333bb522081d74d8
SHA256 133bcfd022da680ebd5b5286de06c6b05772ab45863d02d8213e4398ee127793
病毒检测无法判定

应用信息

应用名称一拍即传
包名 us.pinguo.pat360.cameraman
主活动 us.pinguo.pat360.cameraman.home.CMFlashActivity
目标SDK 30 最小SDK 21
版本号 7.4.0 子版本号 240521740
加固信息未加壳

非法应用检测（该功能即将上线，识别赌博、诈骗、色情和黑产等类型应用）

组件导出信息

查看

扫描选项

重新扫描管理规则动态分析

反编译代码

Manifest文件查看

APK文件成为会员，解锁下载

Java源代码查看 -- 下载

证书信息

二进制文件已签名
v1 签名: True
v2 签名: True
v3 签名: True
v4 签名: False
主题: C=86, ST=si chuang, L=cheng du, O=camera 360 O, OU=camera 360 OU, CN=camera 360
签名算法: rsassa_pkcs1v15
有效期自: 2017-11-01 14:25:52+00:00
有效期至: 2117-10-08 14:25:52+00:00
发行人: C=86, ST=si chuang, L=cheng du, O=camera 360 O, OU=camera 360 OU, CN=camera 360
序列号: 0x56285959
哈希算法: sha256
证书MD5: 1270a48590d1664aab1bda867563feb7
证书SHA1: 6731200de3f38b482bc2c2e01ac5bb3d692b606b
证书SHA256: 7467942d066f810a39cd02facb2521f449b75bf7032b5943948f5ad9f0dbfbc0
证书SHA512: 052a0d10c2e347b815c887f1b0b3298bb2ab730bfd8f49ef0809670f14e8342e759d773a333d8c4239472df95f41c6b6a7f0d617c924c1cb96e5b84937533798
公钥算法: rsa
密钥长度: 2048
指纹: 8eaa3ca54ba9a2a52a76a316c09642d333ec3ef9c227327cb2dc095629a1cbc3
找到 1 个唯一证书

应用程序权限

权限名称	安全等级	权限内容	权限描述	关联代码
android.permission.VIBRATE	普通	控制振动器	允许应用程序控制振动器，用于消息通知振动功能。	显示文件 us/pinguo/pat360/cameraman/ui/u.java
android.permission.INTERNET	危险	完全互联网访问	允许应用程序创建网络套接字。	显示文件 b2/a.java c2/a.java c2/i.java ch/qos/logback/core/joran/action/b.java com/aliyun/sls/android/producer/LogProducerHttpTool.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java f4/a.java f4/j.java j8/b.java m8/e.java m8/m.java p3/a.java pa/d.java pc/a.java q8/o.java
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储。	显示文件 a6/a.java aa/c.java b6/a.java cc/a.java ch/qos/logback/core/rolling/helper/b.java ch/qos/logback/core/util/l.java d4/a.java f4/f.java ia/d.java k2/b.java m9/f.java o6/a.java o6/d.java o6/g.java od/d.java pa/a.java pa/d.java pc/a.java pd/o.java qb/f.java td/b.java u5/a.java us/pinguo/aisdk/tools/AIToolDemo.java us/pinguo/cameraman/util/io/b.java us/pinguo/cameraman/util/io/c.java us/pinguo/pat360/basemodule/utils/FileUtil.java us/pinguo/pat360/cameraman/redux/action/effect/CMActionEffectRestore.java us/pinguo/pat360/cameraman/redux/action/lib/CMActionDownloadFile.java z/f0.java z0/a.java
android.permission.READ_EXTERNAL_STORAGE	危险	读取SD卡内容	允许应用程序从SD卡读取信息。	显示文件 aa/c.java b4/b.java b6/a.java b8/b.java c8/a.java ca/a.java ch/qos/logback/core/joran/action/b.java ch/qos/logback/core/rolling/helper/b.java ch/qos/logback/core/util/l.java com/larvalabs/svgandroid/SVGParser.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java f4/f.java ge/a.java ia/d.java o6/d.java o6/g.java pa/a.java pd/c.java q2/c.java q4/b.java q8/o.java r0/b.java u5/a.java us/pinguo/cameraman/util/io/b.java us/pinguo/cameraman/util/io/c.java us/pinguo/pat360/basemodule/utils/FileUtil.java z/f0.java z/h.java z0/c.java
android.permission.ACCESS_NETWORK_STATE	普通	获取网络状态	允许应用程序查看所有网络的状态。	显示文件 o6/e.java p3/a.java pd/l.java q2/c.java q2/e.java q4/b.java us/pinguo/pat360/cameraman/lib/api/CMBObserver.java
android.permission.ACCESS_WIFI_STATE	普通	查看Wi-Fi状态	允许应用程序查看有关Wi-Fi状态的信息。

证书安全分析

高危

0

警告

1

信息

1

标题	严重程度	描述信息
已签名应用	信息	应用程序已使用代码签名证书进行签名

MANIFEST分析

高危

0

警告

7

信息

0

屏蔽

0

序号	问题	严重程度	描述信息	操作
1	应用程序可以安装在有漏洞的已更新 Android 版本上 Android 5.0-5.0.2, [minSdk=21]	信息	该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。	对应用 us.pinguo.pat360.cameraman 禁止使用 vulnerable_os_version 规则
2	应用程序已启用明文网络流量 [android:usesCleartextTraffic=true]	警告	应用程序打算使用明文网络流量，例如明文HTTP，FTP协议，DownloadManager和MediaPlayer。针对API级别27或更低的应用程序，默认值为“true”。针对API级别28或更高的应用程序，默认值为“false”。避免使用明文流量的主要原因是缺乏机密性，真实性和防篡改保护；网络攻击者可以窃听传输的数据，并且可以在不被检测到的情况下修改它。	对应用 us.pinguo.pat360.cameraman 禁止使用 clear_text_traffic 规则
3	应用程序数据可以被备份 [android:allowBackup=true]	警告	这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。	对应用 us.pinguo.pat360.cameraman 禁止使用 app_allowbackup 规则
4	Activity (us.pinguo.pat360.cameraman.wxapi.WXPayEntryActivity) 未被保护。 [android:exported=true]	警告	发现 Activity与设备上的其他应用程序共享，因此可被设备上的任何其他应用程序访问。	对应用 us.pinguo.pat360.cameraman 禁止使用 activity_explicitly_exported 规则
5	Activity (us.pinguo.mix.modules.beauty.BeautyActivity) 未被保护。 [android:exported=true]	警告	发现 Activity与设备上的其他应用程序共享，因此可被设备上的任何其他应用程序访问。	对应用 us.pinguo.pat360.cameraman 禁止使用 activity_explicitly_exported 规则
6	Activity (us.pinguo.pat360.cameraman.usercenter.CMDemoActivity) 未被保护。 [android:exported=true]	警告	发现 Activity与设备上的其他应用程序共享，因此可被设备上的任何其他应用程序访问。	对应用 us.pinguo.pat360.cameraman 禁止使用 activity_explicitly_exported 规则
7	Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。 [android:exported=true]	警告	发现 Activity与设备上的其他应用程序共享，因此可被设备上的任何其他应用程序访问。	对应用 us.pinguo.pat360.cameraman 禁止使用 activity_explicitly_exported 规则
8	Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。 [android:exported=true]	警告	发现 Activity与设备上的其他应用程序共享，因此可被设备上的任何其他应用程序访问。	对应用 us.pinguo.pat360.cameraman 禁止使用 activity_explicitly_exported 规则

可浏览的Activity组件

ACTIVITY	INTENT
us.pinguo.pat360.cameraman.home.CMFlashActivity	Schemes: growing.03f877bd40001919://,

网络通信安全

序号	范围	严重级别	描述

API调用分析

API功能	源码文件
网络通信-> TCP套接字	显示文件 cc/h.java d8/a.java d8/a0.java d8/j.java e8/c.java f4/a.java f8/b.java i8/d.java i8/e.java i8/f.java i8/j.java j8/j.java l8/d.java l8/g.java m8/e.java m8/m.java o8/a.java q4/b.java q8/n.java q8/o.java q8/x.java us/pinguo/pat360/cameraman/helper/CMExceptionHelper.java us/pinguo/pat360/cameraman/helper/PhotoUpload.java us/pinguo/pat360/cameraman/lib/api/CMBObserver.java us/pinguo/pat360/cameraman/redux/CMException.java
一般功能-> 文件操作	显示文件 a0/a.java a6/a.java a6/b.java aa/c.java aa/d.java aa/e.java aa/f.java ae/a.java b1/b.java b1/d.java b1/j.java b1/k.java b1/l.java b2/a.java b4/a.java b4/b.java b6/a.java b6/b.java b6/c.java b6/d.java b8/a.java b8/b.java b8/d.java b8/e.java b9/a.java ba/b.java bd/a.java be/a.java c1/a.java c1/b.java c2/a.java c2/i.java c8/a.java ca/a.java cc/a.java cc/d.java cc/j.java ch/qos/logback/classic/Level.java ch/qos/logback/classic/Logger.java ch/qos/logback/classic/spi/ClassPackagingData.java ch/qos/logback/classic/spi/LoggerComparator.java ch/qos/logback/classic/spi/LoggerContextVO.java ch/qos/logback/classic/spi/LoggerRemoteView.java ch/qos/logback/classic/spi/LoggingEventVO.java ch/qos/logback/classic/spi/StackTraceElementProxy.java ch/qos/logback/classic/spi/ThrowableProxyVO.java ch/qos/logback/core/joran/action/b.java ch/qos/logback/core/joran/spi/ConsoleTarget.java ch/qos/logback/core/rolling/helper/b.java ch/qos/logback/core/rolling/helper/e.java ch/qos/logback/core/rolling/helper/f.java ch/qos/logback/core/rolling/helper/g.java ch/qos/logback/core/rolling/helper/i.java ch/qos/logback/core/rolling/helper/k.java ch/qos/logback/core/rolling/helper/o.java ch/qos/logback/core/rolling/helper/q.java ch/qos/logback/core/rolling/helper/r.java ch/qos/logback/core/rolling/helper/s.java ch/qos/logback/core/rolling/helper/u.java ch/qos/logback/core/util/e.java ch/qos/logback/core/util/l.java ch/qos/logback/core/util/q.java com/aliyun/sls/android/producer/LogProducerHttpTool.java com/davemorrissey/labs/subscaleview/ImageSource.java com/davemorrissey/labs/subscaleview/ImageViewState.java com/davemorrissey/labs/subscaleview/decoder/SkiaImageDecoder.java com/davemorrissey/labs/subscaleview/decoder/SkiaImageRegionDecoder.java com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java com/founder/foundersdk/ControllerCenter/JSONCenter/entiy/FounderFont.java com/founder/foundersdk/ControllerCenter/JSONCenter/entiy/f.java com/larvalabs/svgandroid/SVGParser.java com/nostra13/universalimageloader/core/ImageLoaderConfiguration.java com/nostra13/universalimageloader/core/assist/deque/LinkedBlockingDeque.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/nostra13/universalimageloader/core/download/ImageDownloader.java d/a.java d0/d.java d2/e.java d4/a.java d8/b.java d8/c.java d8/c0.java d8/d0.java d8/e.java d8/e0.java d8/f.java d8/r.java d8/s.java d8/t.java d8/w.java d8/y.java dc/b.java dd/a.java e/c.java e2/b.java e4/i.java e4/m.java e8/c.java ea/j.java f4/a.java f4/d.java f4/e.java f4/f.java f4/j.java f4/l.java f4/m.java f4/n.java f5/b.java f6/a.java f6/e.java f6/g.java f8/b.java fc/a.java g0/i.java g1/c.java g1/e.java g1/h.java g6/a.java g6/b.java g8/a.java ga/b.java gb/i.java gb/k.java gb/l.java ge/a.java h6/a.java h6/b.java hb/q.java i8/a.java i8/b.java i8/c.java i8/d.java i8/e.java i8/f.java i8/j.java ia/d.java ia/g.java j8/a.java j8/b.java j8/d.java j8/e.java j8/g.java j8/j.java j8/k.java ja/a.java k2/b.java k2/c.java k3/b.java k8/b.java l2/a.java l2/b.java l2/e.java l2/g.java l2/h.java l2/i.java l3/b.java l8/b.java l8/d.java l8/e.java l8/f.java l8/g.java l8/h.java l8/i.java l8/j.java l9/a.java l9/f.java l9/j.java la/c.java la/h.java la/i.java m1/b.java m3/a.java m6/b.java m6/e.java m8/e.java m8/m.java m9/f.java m9/o.java mc/j.java me/nereo/multi_image_selector/MultiImageSelectorActivity.java me/nereo/multi_image_selector/MultiImageSelectorFragment$mLoaderCallback$1$onLoadFinished$1.java me/nereo/multi_image_selector/MultiImageSelectorFragment.java me/nereo/multi_image_selector/adapter/FolderAdapter.java n1/a.java n1/d.java n2/c.java n2/d.java n3/b.java n3/d.java n7/m1.java n8/c.java o6/a.java o6/b.java o6/d.java o6/g.java o8/a.java od/d.java p3/a.java p6/a.java pa/a.java pa/d.java pa/f.java pa/k.java pa/l.java pa/p.java pc/a.java pd/c.java pd/d.java pd/n.java pd/o.java q2/c.java q2/d.java q2/e.java q3/c.java q4/b.java q8/buffer.java q8/d.java q8/e.java q8/f.java q8/g.java q8/h.java q8/i.java q8/j.java q8/k.java q8/l.java q8/n.java q8/o.java q8/sink.java q8/source.java q8/w.java q8/x.java q8/y.java q8/z.java qb/b.java qb/d.java qb/f.java qb/j.java r0/b.java r7/a.java s/g.java s2/b.java s2/c.java s2/e.java s8/a.java s8/b.java s8/d.java sd/a.java t/a.java t/c.java t1/a.java t7/a.java t8/i.java tb/e.java td/b.java u1/h.java u1/l.java u1/m.java u2/b.java u2/d.java u5/a.java u5/b.java u5/c.java u7/a.java u7/b.java u7/c.java ua/a.java ud/a.java us/pinguo/aisdk/components/data/AIImage.java us/pinguo/aisdk/tools/AIToolDemo.java us/pinguo/androidsdk/MixGLSurfaceView.java us/pinguo/cameraman/util/io/a.java us/pinguo/cameraman/util/io/b.java us/pinguo/cameraman/util/io/c.java us/pinguo/mix/effects/model/EffectFactory.java us/pinguo/mix/effects/model/EffectModel.java us/pinguo/mix/effects/model/EffectResourceManager.java us/pinguo/mix/effects/model/IEffectModel.java us/pinguo/mix/effects/model/IEffectResourceManager.java us/pinguo/mix/effects/model/ResourceManagerUtils.java us/pinguo/mix/effects/model/entity/Effect.java us/pinguo/mix/effects/model/entity/shop/PackRequirement.java us/pinguo/mix/effects/model/entity/shop/Product.java us/pinguo/mix/effects/model/entity/type/FilterWatermark.java us/pinguo/mix/modules/beauty/BeautyController.java us/pinguo/mix/modules/beauty/presenter/c.java us/pinguo/mix/modules/saveshare/DonePreferences.java us/pinguo/mix/renderer/model/CropRendererMethodForBigPictureInfo.java us/pinguo/old/mix/modules/beauty/CropImageViewForPhoto.java us/pinguo/old/mix/modules/beauty/view/EditCropComboViewForBigPhoto.java us/pinguo/pat360/basemodule/app/Config.java us/pinguo/pat360/basemodule/bean/CMPhoto.java us/pinguo/pat360/basemodule/utils/FileUtil.java us/pinguo/pat360/basemodule/utils/SyncUtil.java us/pinguo/pat360/cameraman/ai/settings/v3/CMAIJSBridge.java us/pinguo/pat360/cameraman/albumpreview/CMAlbumPreviewFragment.java us/pinguo/pat360/cameraman/cmaidls/CMAIDLService.java us/pinguo/pat360/cameraman/dev/CMReportManager$sendReport$1.java us/pinguo/pat360/cameraman/helper/CMPhotoHelper.java us/pinguo/pat360/cameraman/helper/PhotoUpload.java us/pinguo/pat360/cameraman/manager/CMPhotoCompressManager.java us/pinguo/pat360/cameraman/manager/CMPhotoFilterManager.java us/pinguo/pat360/cameraman/manager/CMPhotoSyncManager$importManual$1.java us/pinguo/pat360/cameraman/manager/concurrence/BackPhotoUpload.java us/pinguo/pat360/cameraman/manager/concurrence/LivePhotoTask.java us/pinguo/pat360/cameraman/manager/concurrence/RawPhotoUpload.java us/pinguo/pat360/cameraman/manager/photosync/CMPhotoCompatFactory.java us/pinguo/pat360/cameraman/redux/CMResult.java us/pinguo/pat360/cameraman/redux/action/CMActionCopy.java us/pinguo/pat360/cameraman/redux/action/debug/CMActionUploadLog.java us/pinguo/pat360/cameraman/redux/action/effect/CMActionEffectBackUp.java us/pinguo/pat360/cameraman/redux/action/effect/CMActionEffectRestore.java us/pinguo/pat360/cameraman/redux/action/lib/CMActionDownloadFile.java us/pinguo/pat360/cameraman/redux/state/e.java us/pinguo/pat360/cameraman/redux/state/envir/CMStorageState.java us/pinguo/pat360/cameraman/ui/CMPhotoActivity.java us/pinguo/theme/ThemeSettings.java v0/a.java v0/b.java v1/a.java v5/c.java va/e.java w3/a.java w3/b.java w9/a.java wa/a.java x/b.java x3/a.java y/c.java y/d.java y/e.java y/f.java y/h.java y3/d.java y3/h.java y3/k.java y4/c.java y4/d.java y7/a.java y7/b.java y7/c.java y7/d.java y7/e.java y8/d.java y9/a.java z/d0.java z/e0.java z/f0.java z/h.java z/n.java z0/a.java z0/c.java z0/d.java z3/a.java z5/a.java z9/b.java
一般功能-> 获取系统服务(getSystemService)	显示文件 aa/b.java aa/f.java com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java f/d.java gb/d.java h0/c1.java he/b.java l0/c.java m0/a.java me/nereo/multi_image_selector/adapter/FolderAdapter.java o6/e.java pd/l.java q2/c.java q2/e.java q4/b.java qa/a.java qa/b.java r7/a.java sa/a.java t7/b.java us/pinguo/lib/ptp/PtpUsbService.java us/pinguo/lib/ptp/api/RemoteDeviceManager.java us/pinguo/old/mix/modules/beauty/CropImageViewForPhoto.java us/pinguo/pat360/cameraman/dialog/CMControlDialog.java us/pinguo/pat360/cameraman/home/customerServiceStaff/CMCustomerServiceStaffFragment.java us/pinguo/pat360/cameraman/home/fragment/CMChangePasswordFragment.java us/pinguo/pat360/cameraman/home/fragment/CMNewOrderFragment.java us/pinguo/pat360/cameraman/lib/api/CMBObserver.java us/pinguo/pat360/cameraman/setting/CMOrderSettingsFragment.java us/pinguo/pat360/cameraman/ui/u.java v/k.java x/b.java xa/a.java xa/f.java y3/k.java y8/b.java y8/d.java
网络通信-> WebView JavaScript接口	com/smallbuer/jsbridge/core/BridgeWebView.java
网络通信-> WebView 相关	com/smallbuer/jsbridge/core/BridgeWebView.java com/smallbuer/jsbridge/core/BridgeWebViewClient.java
一般功能-> IPC通信	显示文件 ab/a.java b/a.java b/b.java b/c.java b/d.java cc/a.java com/alipay/android/app/IAlixPay.java com/alipay/android/app/IRemoteServiceCallback.java com/didi/drouter/router/ActivityCompat2.java com/didi/drouter/router/n.java com/didi/drouter/router/p.java com/didi/drouter/router/q.java d0/b.java d0/d.java e3/e.java f3/c.java g/a.java g/d.java gb/d.java gb/i.java i3/a.java me/nereo/multi_image_selector/MultiImageSelectorActivity.java me/nereo/multi_image_selector/MultiImageSelectorFragment.java me/nereo/multi_image_selector/a.java me/nereo/multi_image_selector/c.java me/nereo/multi_image_selector/d.java o4/d.java od/d.java p2/a.java p2/d.java pc/a.java q2/c.java qb/b.java qb/h.java rc/b.java t2/b.java t2/g.java t3/a.java us/pinguo/cameraman/util/io/a.java us/pinguo/lib/ptp/PtpUsbService.java us/pinguo/lib/ptp/api/RemoteDeviceManager.java us/pinguo/mix/modules/beauty/BeautyActivity.java us/pinguo/mix/modules/beauty/BeautyController.java us/pinguo/pat360/cameraman/ai/settings/CMAiActivity.java us/pinguo/pat360/cameraman/ai/settings/v3/CMHybridActivity.java us/pinguo/pat360/cameraman/cmaidls/CMAIDLService.java us/pinguo/pat360/cameraman/manager/CMStatusBarDataManger.java us/pinguo/pat360/cameraman/manager/LaunchManager.java us/pinguo/pat360/cameraman/photo/usercase/CMPhotoMixEditUserCaseKt.java us/pinguo/pat360/cameraman/photothumb/CMPhotoThumbFragment$bindPhotoGrid$2.java us/pinguo/pat360/cameraman/photothumb/widget/CMInfoStatusViewModel.java us/pinguo/pat360/cameraman/purchase/CMPurchaseActionActivity.java us/pinguo/pat360/cameraman/purchase/CMPurchaseBodyFragment.java us/pinguo/pat360/cameraman/ui/CMPhotoActivity.java us/pinguo/pat360/cameraman/ui/CMTXCActivity.java us/pinguo/pat360/cameraman/widget/X5WebViewV2.java us/pinguo/pat360/cameraman/wxapi/WXPayEntryActivity.java v/b.java v/g.java v/m.java v/r.java v/w.java v3/a.java w/a.java w/b.java w3/a.java x/b.java y3/e.java y3/k.java y8/b.java ya/a.java
网络通信-> HTTP建立连接	显示文件 com/aliyun/sls/android/producer/LogProducerHttpTool.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java f4/a.java f4/j.java p3/a.java
调用java反射机制	显示文件 a0/a.java a0/t.java a4/c.java aa/a.java aa/f.java b4/a.java ch/qos/logback/classic/spi/g.java ch/qos/logback/classic/spi/i.java ch/qos/logback/core/rolling/helper/k.java ch/qos/logback/core/util/n.java com/wang/avi/AVLoadingIndicatorView.java d0/f.java d1/a.java e1/b.java e3/b.java f1/d.java f1/h.java f1/p0.java f1/z.java f2/b.java f2/c.java f2/d.java f2/e.java f2/f.java g3/a.java h0/c1.java h0/i3.java h0/r.java h0/w2.java h1/a.java j6/b.java k3/d.java k3/g.java m8/e.java m8/f.java m8/g.java m8/h.java m8/l.java n4/c.java n8/h.java n8/j.java n8/n.java o4/h.java q0/b.java q2/c.java q2/e.java r/a.java r/c.java r/d.java r/f.java r3/a.java s/k.java t2/a.java us/pinguo/lib/ptp/g.java us/pinguo/mix/effects/model/ResourceManagerUtils.java us/pinguo/pat360/cameraman/home/CMBannerView.java v/g.java v1/a.java v1/b.java x2/g.java y/h.java y3/k.java y8/d.java z/h.java z/i.java z/n.java z/o.java
网络通信-> SSL证书处理	显示文件 d8/a.java d8/a0.java f4/j.java i8/e.java i8/f.java m8/g.java m8/m.java n8/n.java
组件-> 启动 Service	显示文件 p2/d.java qb/b.java t2/b.java t2/g.java v3/a.java y3/e.java
一般功能-> 加载so文件	显示文件 d4/a.java q4/a.java us/pinguo/aiclient/AIClient.java us/pinguo/aisdk/AutoAdjustManager.java us/pinguo/aisdk/FaceDetectionManager.java us/pinguo/aisdk/SkySegmentationManager.java us/pinguo/aisdk/tools/AIToolMat.java us/pinguo/androidsdk/MixNativeMethod.java us/pinguo/androidsdk/PGNativeMethod.java
组件-> 启动 Activity	显示文件 ab/a.java com/alipay/android/app/IRemoteServiceCallback.java com/didi/drouter/router/ActivityCompat2.java f3/c.java me/nereo/multi_image_selector/MultiImageSelectorFragment.java me/nereo/multi_image_selector/a.java rc/b.java us/pinguo/mix/modules/beauty/RecyclerLayout.java us/pinguo/pat360/cameraman/ui/CMTXCActivity.java us/pinguo/pat360/cameraman/wxapi/WXPayEntryActivity.java v/b.java v/w.java x/b.java y3/e.java y3/k.java y8/b.java ya/a.java
加密解密-> Crypto加解密组件	显示文件 a4/c.java k3/a.java n3/c.java n3/d.java n3/e.java p6/a.java w7/a.java
加密解密-> 信息摘要算法	显示文件 a4/b.java b4/a.java c6/c.java e4/i.java p2/d.java pa/e.java pd/c.java pd/o.java q4/b.java r8/d.java us/pinguo/pat360/basemodule/utils/FileUtil.java y3/k.java y4/c.java
DEX-> 动态加载	显示文件 ch/qos/logback/classic/spi/g.java ch/qos/logback/core/util/n.java ch/qos/logback/core/util/o.java v1/b.java
一般功能-> 查看\修改Android系统属性	显示文件 b4/a.java k3/g.java q2/c.java q2/e.java r3/a.java v1/b.java y3/k.java
加密解密-> Base64 加密	显示文件 a3/b.java b4/a.java e0/e.java p6/a.java pd/c.java y3/e.java
加密解密-> Base64 解密	p6/a.java y/e.java
组件-> 发送广播	显示文件 cc/a.java me/nereo/multi_image_selector/MultiImageSelectorActivity.java od/d.java pc/a.java us/pinguo/cameraman/util/io/a.java y3/k.java
一般功能-> 获取活动网路信息	显示文件 o6/e.java pd/l.java q2/c.java us/pinguo/pat360/cameraman/lib/api/CMBObserver.java
辅助功能accessibility相关	h0/a.java i0/c0.java
进程操作-> 杀死进程	gb/d.java us/pinguo/pat360/cameraman/cmaidls/CMAIDLService.java y8/b.java
进程操作-> 获取进程pid	显示文件 gb/d.java us/pinguo/pat360/cameraman/cmaidls/CMAIDLService.java x/b.java x/g.java y8/b.java y8/d.java z/f0.java
组件-> ContentProvider	com/didi/drouter/store/LoadProvider.java
网络通信-> HTTPS建立连接	f4/j.java p3/a.java
网络通信-> URLConnection	b2/a.java pc/a.java
JavaScript 接口方法	com/smallbuer/jsbridge/core/BaseJavascriptInterface.java com/smallbuer/jsbridge/core/BridgeJavascritInterface.java
隐私数据-> 获取已安装的应用程序	com/didi/drouter/router/q.java
隐私数据-> 剪贴板数据读写操作	显示文件 us/pinguo/pat360/cameraman/dialog/CMControlDialog.java us/pinguo/pat360/cameraman/home/customerServiceStaff/CMCustomerServiceStaffFragment.java us/pinguo/pat360/cameraman/setting/CMOrderSettingsFragment.java y8/b.java
一般功能-> 获取网络接口信息	pd/m.java q2/c.java q4/b.java
网络通信-> WebView使用File协议	us/pinguo/pat360/cameraman/albumpreview/CMAlbumPreviewFragment.java us/pinguo/pat360/cameraman/widget/X5WebView.java us/pinguo/pat360/cameraman/widget/X5WebViewV2.java
隐私数据-> 屏幕截图，截取自己应用内部界面	com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java
网络通信-> DefaultHttpClient Connection	q4/b.java
设备指纹-> 查看本机IMSI	q2/c.java
设备指纹-> 查看本机SIM卡序列号	q2/c.java
一般功能-> 传感器相关操作	q2/c.java

安全漏洞检测

高危

3

警告

8

信息

2

安全

2

屏蔽

0

序号	问题	等级	参考标准	文件位置	操作
1	应用程序可以读取/写入外部存储器，任何应用程序都可以读取写入外部存储器的数据	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	Suppress the rule android_read_write_external in us.pinguo.pat360.cameraman Suppress the rule android_read_write_external in us.pinguo.pat360.cameraman only from these files
2	已启用远程WebView调试	高危	CWE: CWE-919: 移动应用程序中的弱点 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-RESILIENCE-2	升级会员：解锁高级权限	Suppress the rule android_webview_debug in us.pinguo.pat360.cameraman Suppress the rule android_webview_debug in us.pinguo.pat360.cameraman only from these files
3	文件可能包含硬编码的敏感信息，如用户名、密码、密钥等	警告	CWE: CWE-312: 明文存储敏感信息 OWASP Top 10: M9: Reverse Engineering OWASP MASVS: MSTG-STORAGE-14	升级会员：解锁高级权限	Suppress the rule android_hardcoded in us.pinguo.pat360.cameraman Suppress the rule android_hardcoded in us.pinguo.pat360.cameraman only from these files
4	应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库	警告	CWE: CWE-89: SQL命令中使用的特殊元素转义处理不恰当（'SQL 注入'） OWASP Top 10: M7: Client Code Quality	升级会员：解锁高级权限	Suppress the rule android_sql_raw_query in us.pinguo.pat360.cameraman Suppress the rule android_sql_raw_query in us.pinguo.pat360.cameraman only from these files
5	应用程序记录日志信息,不得记录敏感信息	信息	CWE: CWE-532: 通过日志文件的信息暴露 OWASP MASVS: MSTG-STORAGE-3	升级会员：解锁高级权限	Suppress the rule android_logging in us.pinguo.pat360.cameraman Suppress the rule android_logging in us.pinguo.pat360.cameraman only from these files
6	此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击	安全	OWASP MASVS: MSTG-NETWORK-4	升级会员：解锁高级权限	Suppress the rule android_ssl_pinning in us.pinguo.pat360.cameraman Suppress the rule android_ssl_pinning in us.pinguo.pat360.cameraman only from these files
7	应用程序创建临时文件。敏感信息永远不应该被写进临时文件	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	Suppress the rule android_temp_file in us.pinguo.pat360.cameraman Suppress the rule android_temp_file in us.pinguo.pat360.cameraman only from these files
8	应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。	高危	CWE: CWE-649: 依赖于混淆或加密安全相关输入而不进行完整性检查 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-3	升级会员：解锁高级权限	Suppress the rule cbc_padding_oracle in us.pinguo.pat360.cameraman Suppress the rule cbc_padding_oracle in us.pinguo.pat360.cameraman only from these files
9	SHA-1是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	Suppress the rule android_sha1 in us.pinguo.pat360.cameraman Suppress the rule android_sha1 in us.pinguo.pat360.cameraman only from these files
10	MD5是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	Suppress the rule android_md5 in us.pinguo.pat360.cameraman Suppress the rule android_md5 in us.pinguo.pat360.cameraman only from these files
11	应用程序使用不安全的随机数生成器	警告	CWE: CWE-330: 使用不充分的随机数 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-6	升级会员：解锁高级权限	Suppress the rule android_insecure_random in us.pinguo.pat360.cameraman Suppress the rule android_insecure_random in us.pinguo.pat360.cameraman only from these files
12	此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板，因为其他应用程序可以访问它	信息	OWASP MASVS: MSTG-STORAGE-10	升级会员：解锁高级权限	Suppress the rule android_clipboard_copy in us.pinguo.pat360.cameraman Suppress the rule android_clipboard_copy in us.pinguo.pat360.cameraman only from these files
13	确保用户控制的 URL 永远不会到达 Web 视图。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息	警告	CWE: CWE-200: 信息泄露 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-7	升级会员：解锁高级权限	Suppress the rule android_webview_allow_file_from_url in us.pinguo.pat360.cameraman Suppress the rule android_webview_allow_file_from_url in us.pinguo.pat360.cameraman only from these files
14	该文件是World Writable。任何应用程序都可以写入文件	高危	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	Suppress the rule android_world_writable in us.pinguo.pat360.cameraman Suppress the rule android_world_writable in us.pinguo.pat360.cameraman only from these files
15	此应用程序可能具有Root检测功能	安全	OWASP MASVS: MSTG-RESILIENCE-1	升级会员：解锁高级权限	Suppress the rule android_detect_root in us.pinguo.pat360.cameraman Suppress the rule android_detect_root in us.pinguo.pat360.cameraman only from these files

Native库安全分析

序号	动态库	NX(堆栈禁止执行)	STACK CANARY(栈保护)	RELRO	RPATH（指定SO搜索路径）	RUNPATH（指定SO搜索路径）	FORTIFY(常用函数加强检查)	SYMBOLS STRIPPED(裁剪符号表)
1	arm64-v8a/libAIAutoAdjust.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	True info 二进制文件有以下加固函数: ['__memmove_chk', '__memset_chk', '__strlen_chk', '__strcpy_chk', '__vsprintf_chk', '__vsnprintf_chk', '__fgets_chk', '__memcpy_chk']	False warning 符号可用
2	arm64-v8a/libAIFaceDetection.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	True info 二进制文件有以下加固函数: ['__memmove_chk', '__strlen_chk', '__fgets_chk', '__memcpy_chk', '__memset_chk', '__strcpy_chk', '__vsnprintf_chk']	False warning 符号可用
3	arm64-v8a/libAISkySegmentation.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	True info 二进制文件有以下加固函数: ['__memmove_chk', '__memset_chk', '__strlen_chk', '__strcpy_chk', '__vsnprintf_chk', '__fgets_chk', '__read_chk', '__memcpy_chk']	False warning 符号可用
4	arm64-v8a/libmiximagekit.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	False warning 二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数（如 strcpy，gets 等）的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用	False warning 符号可用
5	arm64-v8a/libomp.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	False high 这个二进制文件没有在栈上添加栈哨兵值。栈哨兵是用于检测和防止攻击者覆盖返回地址的一种技术。使用选项-fstack-protector-all来启用栈哨兵。这对于Dart/Flutter库不适用，除非使用了Dart FFI	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	False warning 二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数（如 strcpy，gets 等）的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用	False warning 符号可用
6	arm64-v8a/libPGAIClient.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	True info 二进制文件有以下加固函数: ['__vsnprintf_chk', '__strlen_chk', '__memcpy_chk', '__memmove_chk', '__memset_chk']	False warning 符号可用
7	arm64-v8a/libPGAITools.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	True info 二进制文件有以下加固函数: ['__memmove_chk', '__strlen_chk', '__fgets_chk', '__memcpy_chk', '__memset_chk', '__strcpy_chk', '__vsnprintf_chk']	False warning 符号可用
8	arm64-v8a/libPinguoImageSDK.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	True info 二进制文件有以下加固函数: ['__memcpy_chk', '__vsprintf_chk', '__strcpy_chk', '__vsnprintf_chk', '__strncpy_chk', '__strchr_chk', '__strlen_chk', '__memset_chk', '__memmove_chk']	False warning 符号可用
9	arm64-v8a/libsls_producer.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	False warning 二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数（如 strcpy，gets 等）的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用	False warning 符号可用

文件分析

序号	问题	文件

敏感权限分析

恶意软件常用权限 1/30

android.permission.VIBRATE

其它常用权限 5/46

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE

恶意软件常用权限 是被已知恶意软件广泛滥用的权限。
其它常用权限 是已知恶意软件经常滥用的权限。

IP地理位置

恶意域名检测

域名	状态	中国境内	位置信息
y-dev.camera360.com	安全	是	IP地址: 47.99.140.28 国家: 中国地区: 浙江城市: 杭州查看: 高德地图
beian.miit.gov.cn	安全	是	IP地址: 157.185.188.1 国家: 中国地区: 福建城市: 福州查看: 高德地图
h5.m.taobao.com	安全	是	IP地址: 110.75.132.131 国家: 中国地区: 江苏城市: 镇江查看: 高德地图
pipeline.qiniu.com	安全	否	没有可用的地理位置信息。
api.foundertype.com	安全	是	IP地址: 39.99.165.15 国家: 中国地区: 北京城市: 北京查看: 高德地图
www.yipai360.com	安全	是	IP地址: 58.222.46.210 国家: 中国地区: 浙江城市: 杭州查看: 高德地图
bugs.llvm.org	安全	否	IP地址: 54.67.122.174 国家: 美利坚合众国地区: 加利福尼亚城市: 圣何塞查看: Google 地图
up4.ucweb.com	安全	是	IP地址: 58.222.46.210 国家: 中国地区: 河北城市: 张家口查看: 高德地图
gjapplog.ucweb.com	安全	否	IP地址: 58.222.46.210 国家: 加拿大地区: 安大略城市: 北约克查看: Google 地图
logback.qos.ch	安全	否	IP地址: 159.100.250.151 国家: 瑞士地区: 苏黎世城市: 苏黎世查看: Google 地图
wpk-auth.ucweb.com	安全	否	IP地址: 58.222.46.210 国家: 加拿大地区: 安大略城市: 北约克查看: Google 地图
ypjc-resource.c360dn.com	安全	是	IP地址: 122.228.207.51 国家: 中国地区: 浙江城市: 温州查看: 高德地图
c360-o2o.c360dn.com	安全	是	IP地址: 122.228.207.51 国家: 中国地区: 江苏城市: 南通查看: 高德地图
openmp.llvm.org	安全	否	IP地址: 54.67.122.174 国家: 美利坚合众国地区: 加利福尼亚城市: 圣何塞查看: Google 地图
item.taobao.com	安全	是	IP地址: 110.75.132.131 国家: 中国地区: 江苏城市: 台州查看: 高德地图
applog.uc.cn	安全	是	IP地址: 58.222.46.210 国家: 中国地区: 河北城市: 张家口查看: 高德地图
mobilegw.alipaydev.com	安全	是	IP地址: 110.75.132.131 国家: 中国地区: 浙江城市: 杭州查看: 高德地图
up4-intl.ucweb.com	安全	否	IP地址: 58.216.2.41 国家: 加拿大地区: 安大略城市: 北约克查看: Google 地图
offlinelog.faceplusplus.com	安全	是	IP地址: 42.121.128.228 国家: 中国地区: 浙江城市: 杭州查看: 高德地图
www.qiniu.com	安全	是	IP地址: 123.182.48.117 国家: 中国地区: 江苏城市: 盐城查看: 高德地图
woodpecker.uc.cn	安全	是	IP地址: 123.182.48.117 国家: 中国地区: 河北城市: 张家口查看: 高德地图
store-bsy.c360dn.com	安全	是	IP地址: 58.216.2.41 国家: 中国地区: 江苏城市: 常州查看: 高德地图

手机号提取

URL链接分析

URL信息	源码文件
https://tony19.github.io/logback-android/xml https://cdn.jsdelivr.net/gh/tony19/logback-android/logback.xsd	自研引擎-A
https://www.yipai360.com/photo-control-h5?orderid=	us/pinguo/pat360/cameraman/dialog/CMControlDialog.java
https://www.yipai360.com/live/	us/pinguo/pat360/cameraman/home/customerServiceStaff/CMCustomerServiceStaffFragment.java
https://c360-o2o.c360dn.com/	bd/CMRestoreItemBo.java
https://c360-o2o.c360dn.com/	us/pinguo/pat360/cameraman/dev/CMReportManager.java
http://logback.qos.ch/codes.html#appender_order	c2/d.java
https://beian.miit.gov.cn/	us/pinguo/pat360/cameraman/home/fragment/CMICPRecordNumberFragment.java
https://mobilegw.alipaydev.com/mgw.htm	y3/j.java
https://support.qq.com/embed/phone/404375/faqs-category/98873	us/pinguo/pat360/cameraman/ui/CMUsbConnectStatusBarFragment.java
https://support.qq.com/product/404375	us/pinguo/pat360/cameraman/ui/CMTXCActivity.java
https://www.yipai360.com/jonyh5qrcode/	us/pinguo/pat360/cameraman/home/customerServiceStaff/CMOnlineCustomerServiceFragment.java
https://www.yipai360.com/ypjc_ystk.html?version=2.0 https://www.yipai360.com/ypjc_yhxy.html?version=2.0 http://y-dev.camera360.com/photoliveapp/home? https://www.yipai360.com/photoliveapp/home?	ab/a.java
https://work.weixin.qq.com/kfid/kfc7858337f48dc588d	us/pinguo/pat360/cameraman/widget/CMHelpDialog.java
http://logback.qos.ch/codes.html#earlier_fa_collision	u1/h.java
https://loggw-exsdk.alipay.com/loggw/logupload.do	s3/d.java
http://logback.qos.ch/codes.html#missingrightparenthesis	i2/f.java
http://logback.qos.ch/codes.html#renamingerror	ch/qos/logback/core/rolling/helper/s.java
www.yipai360.com http://y-dev.camera360.com/photolive/home? www.yipai360.com/ https://www.yipai360.com/photolive/home?	us/pinguo/pat360/cameraman/lib/api/CMApi.java
https://mcgw.alipay.com/sdklog.do	s3/c.java
https://www.yipai360.com/ypjc_grgx.html https://www.yipai360.com/ypjc_yhxy.html?version=2.0 https://www.yipai360.com/ypjc_xtsy.html https://www.yipai360.com/ypjc_grsy.html https://www.yipai360.com/ypjc_ystk.html?version=2.0	us/pinguo/pat360/cameraman/home/fragment/CMUserMoreFragment.java
https://support.qq.com/product/404375	us/pinguo/pat360/cameraman/home/fragment/CMUserFragment.java
https://ypjc-resource.c360dn.com/jony/minipro/ordersetting/v_lian.jpg https://ypjc-resource.c360dn.com/jony/minipro/ordersetting/shoulian.jpg https://c360-o2o.c360dn.com/0716be20-daeb-43e5-8f96-b13dd746a323 https://c360-o2o.c360dn.com/4948e889-3f9c-4a4c-b7a5-6b1d01f34998 https://c360-o2o.c360dn.com/297c4a84-40bc-4d25-81be-8becbb34f0e6 https://c360-o2o.c360dn.com/f9e4af3d-786c-4c21-b215-08bdbacd2937 https://c360-o2o.c360dn.com/9dd1b930-130f-432e-9d07-deea27b63b64 https://ypjc-resource.c360dn.com/jony/minipro/ordersetting/xiaolian.jpg https://c360-o2o.c360dn.com/b93b0479-03a1-4c42-b6a1-0b83d0c5ed3b https://c360-o2o.c360dn.com/40411e87-71cc-4135-a335-9fd05c8c6a7b https://c360-o2o.c360dn.com/5516c030-bfc0-4319-9c4b-440d29d8ada1	hb/q.java
https://mobilegw.alipay.com/mgw.htm	j3/a.java
https://support.qq.com/product/404375 https://support.qq.com/embed/phone/404375/faqs/143542	us/pinguo/pat360/cameraman/home/fragment/CMMainOrderListFragment.java
https://support.qq.com/embed/phone/404375/faqs-list/125376 https://support.qq.com/embed/phone/404375/faqs-category/98873 https://support.qq.com/embed/phone/404375/faqs-list/125375	us/pinguo/pat360/cameraman/setting/CMAlbumSettingFragment.java
https://www.yipai360.com/live/	us/pinguo/pat360/cameraman/setting/CMOrderSettingsFragment.java
http://offlinelog.faceplusplus.com/log/newlog	q4/b.java
https://h5.m.taobao.com/mlapp/olist.html	l3/a.java
http://logback.qos.ch/codes.html#rfa_file_after http://logback.qos.ch/codes.html#rfa_collision http://logback.qos.ch/codes.html#rfa_no_rp http://logback.qos.ch/codes.html#rfa_no_tp	l2/b.java
http://logback.qos.ch/codes.html#rfa_collision_in_dateformat	l2/g.java
http://logback.qos.ch/manual/appenders.html#sizeandtimebasedrollingpolicy http://logback.qos.ch/codes.html#sat_missing_integer_token	l2/e.java
http://logback.qos.ch/codes.html#tbr_fnp_not_set	l2/h.java
https://api.foundertype.com/mt.php/	y4/a.java
https://www.yipai360.com/facephoto/ https://item.taobao.com/item.htm?spm=a1z10.1-c-s.w5003-21641834123.3.129a14e3xofxcl&id=586030188544&scene=taobao_shop	rc/b.java
https://store-bsy.c360dn.com/fb118ce9b53288566f5b5780a883dc54.zip https://store-bsy.c360dn.com/c39a52ef3ee1d99818ff3e646e51c541.zip	us/pinguo/mix/effects/model/entity/CompositeEffect.java
https://mclient.alipay.com/home/exterfaceassign.htm? www.yipai360.com https://223.6.6.6/dns-query https://support.qq.com/embed/phone/404375/faqs/143542 https://8.8.8.8/dns-query https://www.yipai360.com/ypjc_grsy.html https://debugtbs.qq.com?10000 http://y-dev.camera360.com/photolive/home? 127.0.0.1 https://mdc.html5.qq.com/mh?channel_id=50079&u= 114.114.114.114 https://www.yipai360.com/photoliveapp/home? https://www.yipai360.com/ypjc_grgx.html https://wappaygw.alipay.com/service/rest.htm http://mclient.alipay.com/service/rest.htm http://offlinelog.faceplusplus.com/log/newlog https://loggw-exsdk.alipay.com/loggw/logupload.do https://www.yipai360.com/ypjc_ystk.html?version=2.0 https://store-bsy.c360dn.com/fb118ce9b53288566f5b5780a883dc54.zip https://tbs.imtt.qq.com/plugin/debugplugin_v2.tbs https://mobilegwpre.alipay.com/mgw.htm https://wpk-auth.ucweb.com https://www.yipai360.com/ypjc_yhxy.html?version=2.0 https://c360-o2o.c360dn.com/0716be20-daeb-43e5-8f96-b13dd746a323 http://y-dev.camera360.com/photoliveapp/home? http://logback.qos.ch/codes.html#tbr_fnp_not_set http://logback.qos.ch/codes.html#rfa_no_tp https://www.baidu.com https://mobilegw.alipaydev.com/mgw.htm https://www.yipai360.com/photolive/home? https://www.yipai360.com/ypjc_xtsy.html https://pipeline.qiniu.com https://c360-o2o.c360dn.com/b93b0479-03a1-4c42-b6a1-0b83d0c5ed3b https://beian.miit.gov.cn/ http://logback.qos.ch/codes.html#renamingerror https://mclient.alipay.com/cashier/mobilepay.htm http://logback.qos.ch/manual/appenders.html#sizeandtimebasedrollingpolicy https://item.taobao.com/item.htm?spm=a1z10.1-c-s.w5003-21641834123.3.129a14e3xofxcl&id=586030188544&scene=taobao_shop 223.5.5.5 https://support.qq.com/embed/phone/404375/faqs-list/125376 https://wappaygw.alipay.com/home/exterfaceassign.htm? https://mobilegw.alipay.com/mgw.htm 1.1.1.1 https://c360-o2o.c360dn.com/f9e4af3d-786c-4c21-b215-08bdbacd2937 https://debugx5.qq.com https://www.yipai360.com/live/ https://support.qq.com/embed/phone/404375/faqs-category/98873 https://c360-o2o.c360dn.com/9dd1b930-130f-432e-9d07-deea27b63b64 https://www.yipai360.com/facephoto/ https://gjapplog.ucweb.com/collect http://logback.qos.ch/codes.html#rfa_collision_in_dateformat https://www.yipai360.com/jonyh5qrcode/ https://ypjc-resource.c360dn.com/jony/minipro/ordersetting/v_lian.jpg https://mdc.html5.qq.com/d/directdown.jsp?channel_id=50079 http://logback.qos.ch/codes.html#missingrightparenthesis www.qq.com https://mclient.alipay.com/service/rest.htm https://www.yipai360.com/photo-control-h5?orderid= http://logback.qos.ch/codes.html#sat_missing_integer_token https://c360-o2o.c360dn.com/5516c030-bfc0-4319-9c4b-440d29d8ada1 http://mclient.alipay.com/home/exterfaceassign.htm 119.29.29.29 file:unexpect https://h5.m.taobao.com/mlapp/olist.html https://www.qiniu.com https://mcgw.alipay.com/sdklog.do https://c360-o2o.c360dn.com/4948e889-3f9c-4a4c-b7a5-6b1d01f34998 https://www.google.com http://mclient.alipay.com/cashier/mobilepay.htm https://up4-intl.ucweb.com/upload http://logback.qos.ch/codes.html#rfa_no_rp https://support.qq.com/product/404375 https://debugtbs.qq.com https://pms.mb.qq.com/rsp204 https://ypjc-resource.c360dn.com/jony/minipro/ordersetting/shoulian.jpg https://up4.ucweb.com/upload 2.5.29.37 https://c360-o2o.c360dn.com/ https://ypjc-resource.c360dn.com/jony/minipro/ordersetting/xiaolian.jpg 208.67.222.222 http://logback.qos.ch/codes.html#rfa_file_after http://wappaygw.alipay.com/service/rest.htm https://work.weixin.qq.com/kfid/kfc7858337f48dc588d https://api.foundertype.com/mt.php/ https://applog.uc.cn/collect https://c360-o2o.c360dn.com/297c4a84-40bc-4d25-81be-8becbb34f0e6 http://logback.qos.ch/codes.html#appender_order http://logback.qos.ch/codes.html#null_cs www.yipai360.com/ https://support.qq.com/embed/phone/404375/faqs-list/125375 https://store-bsy.c360dn.com/c39a52ef3ee1d99818ff3e646e51c541.zip https://mclient.alipay.com/home/exterfaceassign.htm http://logback.qos.ch/codes.html#rfa_collision https://woodpecker.uc.cn http://logback.qos.ch/codes.html#earlier_fa_collision https://c360-o2o.c360dn.com/40411e87-71cc-4135-a335-9fd05c8c6a7b https://cfg.imtt.qq.com/tbs?v=2&mk=	自研引擎-S
https://github.com/opencv/opencv/issues/16739 http://openmp.llvm.org/ https://bugs.llvm.org/	lib/arm64-v8a/libAIAutoAdjust.so
https://github.com/opencv/opencv/issues/16739	lib/arm64-v8a/libAIFaceDetection.so
https://github.com/opencv/opencv/issues/16739 http://openmp.llvm.org/ https://bugs.llvm.org/	lib/arm64-v8a/libAISkySegmentation.so
http://openmp.llvm.org/ https://bugs.llvm.org/	lib/arm64-v8a/libomp.so
https://github.com/opencv/opencv/issues/16739 http://openmp.llvm.org/ https://bugs.llvm.org/	lib/arm64-v8a/libPGAITools.so

Firebase配置检测

邮箱地址提取

EMAIL	源码文件
x5tbs@tencent.com	自研引擎-S

第三方追踪器

名称	类别	网址
Yueying Crash SDK	Crash reporting, Analytics	https://reports.exodus-privacy.eu.org/trackers/448

敏感凭证泄露

已显示 45 个secrets

1、 "composite_sdk_key" : "4F521E8A6AAB77CF386A10579F976115FAB1EBC3BB3A0E513D29F9BF65D87100225F7C8E717A1EF27ADF4EAC85E0544EBDCBE9A54B16C33D8858A204E76A6301E3393354FB58B9BB8CE028FABDAB13B9DF95179B463F5CC3C6EDB3BFC4D9E3504F44CA375B0A84D732A1D2A1453F9B8C559048CD79B18DD04146CE93A24DB8C2D89FB34407BE4125B460CCC79B84548F531E9311A16FD5B17B5AAA3979EC518F9A461B7DB3063B0D34DB61788AB2CFD3DF391DF49C6AE5542DEE736F654285F220F100A5CBA97FFB0A468ED6A81B60FEB7001E262862371A709FE7058F6BDA2D0097BB0D8A62FDDDE8616151F3D60532E9360EB499226F70424A1DFA98A4854A8B5F87BC43BA4516C9EF5E55F0979F2B7463186E74B9B3D8DA12CD78FEA943CE272CDEA66DBDD433087A3D2C980EA1A913A30C48653153F75D50ADC1DFC16E3D93E63FA8820959AE8882C8EFA889492C7AB7F8E9141DCE96314CF0D8EA56612F88C480D2D63785981B12BE8C1AB47CB8DE060597383519279D60B647568BDE21EC00401B31670BB2E60EC61C8D48CF220232A887C4707581357606F81B1726DFBF148FF0F0A8D2161442EE522C3B4DE984B26BB3581315047119397041990FDB5D9B650197B51CB91EC8B3140C5C10B34B059D5362F8856664EA0A58DC7E548D724A690351C7A2031D2D4225040CB17B20F100A5CBA97FFBC46CE703372B7A148743DBDE52D62687994C7A8CAA8BBD0F765629048A244F2D33417B502BD3F25E7CFA97F5641CFA819A56D82B918EC9AEF1E17A951C046EBFD81DB61FEBE8EF6B6FC078574E540E1438BA65E0561F797B27A5DA830A1041FF7CFA97F5641CFA8129FFB1D444AB9F09F93ECC9A5EE5B2103251A4D455AEA56C7CFA97F5641CFA8129FFB1D444AB9F0939A77067762F263C68A8CC2C675BD6D8535D16535C90A82FD2238390F11D5735583F032A1208E7E1994C7A8CAA8BBD0F63436BF059FD28E51EC8B3140C5C10B31D6122035DD30B391C4267A4161903C4DEEE180C6AB022DD27D45B4DD616BCF5F0D152669800C70627BC63FB1E54FE88D8A97CAB12FAA32605C1C71A066E7312B8C2424F4609120B70CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF173B3037F0543C48128387CC94F63F6A65C73C0CAC359C7BC559A24D8E09B46979E1D4344B630F999F87859DFD71A23F4EFE1AA54631C6EF0F53585743061D205F0D152669800C70627BC63FB1E54FE88D8A97CAB12FAA32605C1C71A066E7312593A0A76019C89B2E3EE6A540659EC36A47D26F2030A719A8D52B473CF94E4A739EAA2BC1612BA928309505F08EDB9685A7431A42C05459B735089CCF741AD577CFA97F5641CFA81025E76F571E4977245062A3A69DD0FBBF98205E4F23E6403E3EE6A540659EC36A47D26F2030A719A8D52B473CF94E4A7EC65E005628B6C707F85740EA68C86E7C0B1374E93184933DAD0B9BA2A5EE65D7287F1AFF184EC9CECA6A2F66693E2C75A74ED6D745324CFE889A2DAC321DBB82F4761935B39DA8D559A24D8E09B46979E1D4344B630F999F87859DFD71A23F44A25F3F5137DE66F3606A0EA2FFDAF4FF612143D117DB0B8559A24D8E09B46979E1D4344B630F999F87859DFD71A23F4477A793F6E2437EFB3DEDD68ACF310F17CFA97F5641CFA81025E76F571E4977239D3302E3250CB9880EFE05EBC2968B270CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BE12B88DEF739A90C7B32BF723230C2F7287F1AFF184EC9CECA6A2F66693E2C719CFC3EFC7A8D86D9C052F25412364F41AEEC209743E432EF0D152669800C70627BC63FB1E54FE88FF349A84FD6C5C25DFD6BB1B1C39D5844DAEE8DC08F725697CFA97F5641CFA81025E76F571E497728EA445B7ACB39101F15C4D836A91597C6520AFB56BE383771EC8B3140C5C10B31D6122035DD30B39F8BBB60D6072AFF985C4380D630BB13070CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1796FFDF5530642151018BFCC33E3B7D070CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1796FFDF553064215C4E9B26E1419EFA7EB4AF97CE01B3C617CFA97F5641CFA81025E76F571E497720D40467365780E8F7EB79F1C82D5525D47017E1CCB45910B93E63FA8820959AE568352A9E960A8D2604CF715FFFD7A475C9EA9A391D1170E559A24D8E09B46979E1D4344B630F999F87859DFD71A23F49A040FA38044EA2F852BB2B9C2A89983F0D152669800C70627BC63FB1E54FE88752FD5EA8FAD900AB7BFFEC4A085824361BBD20DCED48F207287F1AFF184EC9CECA6A2F66693E2C7C6590DBC6D9CB1E6C48B0DDD3684718470CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1F1338F6FE0928799DAB6296C9DA90D007287F1AFF184EC9CECA6A2F66693E2C7C6590DBC6D9CB1E64573A0A64445FBE470CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1C7D60CC598FB63D5967BC7079E77A1E57287F1AFF184EC9CECA6A2F66693E2C731AEB6EBDAC6FB4036EC7774BFFD2C04A3CABD31CEACDDEEF0D152669800C70627BC63FB1E54FE889E1F7AFC7B2F89EC75B61C48BBC8DA486520AFB56BE383771EC8B3140C5C10B31D6122035DD30B391984388149364DDFDF6D73BA51089F75AC0D25F082359884A47D26F2030A719A8D52B473CF94E4A74B53B64E5567954DDE890440492686A2440AB07D24D951DC70CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BF68A17F52D094E1B3C66A1E85FC3F4947017E1CCB45910B93E63FA8820959AE568352A9E960A8D2D73091457CBACBF45983BC95AF66737570CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BF68A17F52D094E11FBEA7EEE885F4306520AFB56BE383771EC8B3140C5C10B31D6122035DD30B3983CFFCD7671A58BC94EA9734B6F91AE270CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BF68A17F52D094E1389F7E7DB4E81478EB4AF97CE01B3C617CFA97F5641CFA81025E76F571E49772FD88F93E9B9DD146EE7E34F6F9CB9C63D1E05EB691D338C37287F1AFF184EC9CECA6A2F66693E2C7702F76120FF6ADE0889059CE3B8A14CC0EB2861D4C25511547017E1CCB45910B93E63FA8820959AE568352A9E960A8D25A2CF0FD173521F630AA7BD7FDB7FD5FA3CABD31CEACDDEEF0D152669800C70627BC63FB1E54FE88D61423336407E2459DD200BF1AAFE6F670CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1FDAE350EF44B143C963B389AF32A86A4A47D26F2030A719A8D52B473CF94E4A724719D0F8B44E0497B70C9EB6C3EDBB64F7AC23830786D947CFA97F5641CFA81025E76F571E4977243F757B36992A71C5032F93835D3A0FA90F3A806B9272B607287F1AFF184EC9CECA6A2F66693E2C75788AA99DEBD6807325B394E1DE72E28FF53580A1F18538C6520AFB56BE383771EC8B3140C5C10B31D6122035DD30B398EB62D4197DF608CF8EF5FAB33217549B6D00DAEDA4DD041F0D152669800C70627BC63FB1E54FE8843720D22FA47720D55534C1FBCCC4097E90AB35305789DC670CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1B9B5E50A3757BDBA5B120755E701CF931AEE475A3148EEDF7287F1AFF184EC9CECA6A2F66693E2C79A47BD8A1AAFFCCC7C3A9C2FFFF8267B70CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1A39DD698EE2B621204D747701049EB787287F1AFF184EC9CECA6A2F66693E2C78EC721CE81F65B4FFE6D9141414AAB23439FEE431D2A109AA47D26F2030A719A8D52B473CF94E4A74B53B64E5567954D3FD92C8076749C8049D63B49544EAE22559A24D8E09B46979E1D4344B630F999F87859DFD71A23F4C6887BAE6EF35D9AE727DF88C8E12626AC0D25F082359884A47D26F2030A719A8D52B473CF94E4A791BDF2810CC4B7EDBE9EA338F18127DB7897DAD57F865C1770CEE92160E5322A55219D8F755AC97FA603C591EF7B9D60A3A5EBA2ACBFA368A47D26F2030A719A8D52B473CF94E4A7C6A8FE5516AEA935F1C85535C9BC69E67CFA97F5641CFA819BD204B00C300067AF16610481DE8A49B3D819A29076F47C9A9B1CA5864DDE79ABD7A436C7820A5E76378FCE9991964850EADA7590E8C30EF3FBD73B16C4C0A889548EE23834F3CB"
2、 "composite_sdk_param_Secret" : "Secret"
3、 413872524d9a10bb1537009834992
4、 gYBXs4GuUnLN7McYO37akhyLyKLeW99I02gaxgdU1U8=
5、 6b66ef08-204f-40a6-864f-83fe3a3f5b66
6、 e3aef39b-2eca-4529-8ca7-4d58207b7060
7、 b6cbad6cbd5ed0d209afc69ad3b7a617efaae9b3c47eabe0be42d924936fa78c8001b1fd74b079e5ff9690061dacfa4768e981a526b9ca77156ca36251cf2f906d105481374998a7e6e6e18f75ca98b8ed2eaf86ff402c874cca0a263053f22237858206867d210020daa38c48b20cc9dfd82b44a51aeb5db459b22794e2d649
8、 7bfa4735-89a4-4d0d-9299-c02c1ce38cdd
9、 4948e889-3f9c-4a4c-b7a5-6b1d01f34998
10、 958fe3d4-3f56-4de9-819c-6b39c477638f
11、 0ae64230-6c9d-4f5a-a0d1-ea95d6b5cd2a
12、 40411e87-71cc-4135-a335-9fd05c8c6a7b
13、 e6b1bdcb890370f2f2419fe06d0fdf7628ad0083d52da1ecfe991164711bbf9297e75353de96f1740695d07610567b1240549af9cbd87d06919ac31c859ad37ab6907c311b4756e1e208775989a4f691bff4bbbc58174d2a96b1d0d970a05114d7ee57dfc33b1bafaf6e0d820e838427018b6435f903df04ba7fd34d73f843df9434b164e0220baabb10c8978c3f4c6b7da79d8220a968356d15090dea07df9606f665cbec14d218dd3d691cce2866a58840971b6a57b76af88b1a65fdffd2c080281a6ab20be5879e0330eb7ff70871ce684e7174ada5dc3159c461375a0796b17ce7beca83cf34f65976d237aee993db48d34a4e344f4d8b7e99119168bdd7
14、 d68bd3e17ec59119b1c8d4e91c43e587
15、 4F521E8A6AAB77CF386A10579F976115FAB1EBC3BB3A0E513D29F9BF65D87100225F7C8E717A1EF27ADF4EAC85E0544EBDCBE9A54B16C33D8858A204E76A6301E3393354FB58B9BB8CE028FABDAB13B9DF95179B463F5CC3C6EDB3BFC4D9E3504F44CA375B0A84D732A1D2A1453F9B8C559048CD79B18DD04146CE93A24DB8C2D89FB34407BE4125B460CCC79B84548F531E9311A16FD5B17B5AAA3979EC518F9A461B7DB3063B0D34DB61788AB2CFD3DF391DF49C6AE5542DEE736F654285F220F100A5CBA97FFB0A468ED6A81B60FEB7001E262862371A709FE7058F6BDA2D0097BB0D8A62FDDDE8616151F3D60532E9360EB499226F70424A1DFA98A4854A8B5F87BC43BA4516C9EF5E55F0979F2B7463186E74B9B3D8DA12CD78FEA943CE272CDEA66DBDD433087A3D2C980EA1A913A30C48653153F75D50ADC1DFC16E3D93E63FA8820959AE8882C8EFA889492C7AB7F8E9141DCE96314CF0D8EA56612F88C480D2D63785981B12BE8C1AB47CB8DE060597383519279D60B647568BDE21EC00401B31670BB2E60EC61C8D48CF220232A887C4707581357606F81B1726DFBF148FF0F0A8D2161442EE522C3B4DE984B26BB3581315047119397041990FDB5D9B650197B51CB91EC8B3140C5C10B34B059D5362F8856664EA0A58DC7E548D724A690351C7A2031D2D4225040CB17B20F100A5CBA97FFBC46CE703372B7A148743DBDE52D62687994C7A8CAA8BBD0F765629048A244F2D33417B502BD3F25E7CFA97F5641CFA819A56D82B918EC9AEF1E17A951C046EBFD81DB61FEBE8EF6B6FC078574E540E1438BA65E0561F797B27A5DA830A1041FF7CFA97F5641CFA8129FFB1D444AB9F09F93ECC9A5EE5B2103251A4D455AEA56C7CFA97F5641CFA8129FFB1D444AB9F0939A77067762F263C68A8CC2C675BD6D8535D16535C90A82FD2238390F11D5735583F032A1208E7E1994C7A8CAA8BBD0F63436BF059FD28E51EC8B3140C5C10B31D6122035DD30B391C4267A4161903C4DEEE180C6AB022DD27D45B4DD616BCF5F0D152669800C70627BC63FB1E54FE88D8A97CAB12FAA32605C1C71A066E7312B8C2424F4609120B70CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF173B3037F0543C48128387CC94F63F6A65C73C0CAC359C7BC559A24D8E09B46979E1D4344B630F999F87859DFD71A23F4EFE1AA54631C6EF0F53585743061D205F0D152669800C70627BC63FB1E54FE88D8A97CAB12FAA32605C1C71A066E7312593A0A76019C89B2E3EE6A540659EC36A47D26F2030A719A8D52B473CF94E4A739EAA2BC1612BA928309505F08EDB9685A7431A42C05459B735089CCF741AD577CFA97F5641CFA81025E76F571E4977245062A3A69DD0FBBF98205E4F23E6403E3EE6A540659EC36A47D26F2030A719A8D52B473CF94E4A7EC65E005628B6C707F85740EA68C86E7C0B1374E93184933DAD0B9BA2A5EE65D7287F1AFF184EC9CECA6A2F66693E2C75A74ED6D745324CFE889A2DAC321DBB82F4761935B39DA8D559A24D8E09B46979E1D4344B630F999F87859DFD71A23F44A25F3F5137DE66F3606A0EA2FFDAF4FF612143D117DB0B8559A24D8E09B46979E1D4344B630F999F87859DFD71A23F4477A793F6E2437EFB3DEDD68ACF310F17CFA97F5641CFA81025E76F571E4977239D3302E3250CB9880EFE05EBC2968B270CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BE12B88DEF739A90C7B32BF723230C2F7287F1AFF184EC9CECA6A2F66693E2C719CFC3EFC7A8D86D9C052F25412364F41AEEC209743E432EF0D152669800C70627BC63FB1E54FE88FF349A84FD6C5C25DFD6BB1B1C39D5844DAEE8DC08F725697CFA97F5641CFA81025E76F571E497728EA445B7ACB39101F15C4D836A91597C6520AFB56BE383771EC8B3140C5C10B31D6122035DD30B39F8BBB60D6072AFF985C4380D630BB13070CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1796FFDF5530642151018BFCC33E3B7D070CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1796FFDF553064215C4E9B26E1419EFA7EB4AF97CE01B3C617CFA97F5641CFA81025E76F571E497720D40467365780E8F7EB79F1C82D5525D47017E1CCB45910B93E63FA8820959AE568352A9E960A8D2604CF715FFFD7A475C9EA9A391D1170E559A24D8E09B46979E1D4344B630F999F87859DFD71A23F49A040FA38044EA2F852BB2B9C2A89983F0D152669800C70627BC63FB1E54FE88752FD5EA8FAD900AB7BFFEC4A085824361BBD20DCED48F207287F1AFF184EC9CECA6A2F66693E2C7C6590DBC6D9CB1E6C48B0DDD3684718470CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1F1338F6FE0928799DAB6296C9DA90D007287F1AFF184EC9CECA6A2F66693E2C7C6590DBC6D9CB1E64573A0A64445FBE470CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1C7D60CC598FB63D5967BC7079E77A1E57287F1AFF184EC9CECA6A2F66693E2C731AEB6EBDAC6FB4036EC7774BFFD2C04A3CABD31CEACDDEEF0D152669800C70627BC63FB1E54FE889E1F7AFC7B2F89EC75B61C48BBC8DA486520AFB56BE383771EC8B3140C5C10B31D6122035DD30B391984388149364DDFDF6D73BA51089F75AC0D25F082359884A47D26F2030A719A8D52B473CF94E4A74B53B64E5567954DDE890440492686A2440AB07D24D951DC70CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BF68A17F52D094E1B3C66A1E85FC3F4947017E1CCB45910B93E63FA8820959AE568352A9E960A8D2D73091457CBACBF45983BC95AF66737570CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BF68A17F52D094E11FBEA7EEE885F4306520AFB56BE383771EC8B3140C5C10B31D6122035DD30B3983CFFCD7671A58BC94EA9734B6F91AE270CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1BF68A17F52D094E1389F7E7DB4E81478EB4AF97CE01B3C617CFA97F5641CFA81025E76F571E49772FD88F93E9B9DD146EE7E34F6F9CB9C63D1E05EB691D338C37287F1AFF184EC9CECA6A2F66693E2C7702F76120FF6ADE0889059CE3B8A14CC0EB2861D4C25511547017E1CCB45910B93E63FA8820959AE568352A9E960A8D25A2CF0FD173521F630AA7BD7FDB7FD5FA3CABD31CEACDDEEF0D152669800C70627BC63FB1E54FE88D61423336407E2459DD200BF1AAFE6F670CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1FDAE350EF44B143C963B389AF32A86A4A47D26F2030A719A8D52B473CF94E4A724719D0F8B44E0497B70C9EB6C3EDBB64F7AC23830786D947CFA97F5641CFA81025E76F571E4977243F757B36992A71C5032F93835D3A0FA90F3A806B9272B607287F1AFF184EC9CECA6A2F66693E2C75788AA99DEBD6807325B394E1DE72E28FF53580A1F18538C6520AFB56BE383771EC8B3140C5C10B31D6122035DD30B398EB62D4197DF608CF8EF5FAB33217549B6D00DAEDA4DD041F0D152669800C70627BC63FB1E54FE8843720D22FA47720D55534C1FBCCC4097E90AB35305789DC670CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1B9B5E50A3757BDBA5B120755E701CF931AEE475A3148EEDF7287F1AFF184EC9CECA6A2F66693E2C79A47BD8A1AAFFCCC7C3A9C2FFFF8267B70CEE92160E5322A55219D8F755AC97F5CA5AB02BD7BCAF1A39DD698EE2B621204D747701049EB787287F1AFF184EC9CECA6A2F66693E2C78EC721CE81F65B4FFE6D9141414AAB23439FEE431D2A109AA47D26F2030A719A8D52B473CF94E4A74B53B64E5567954D3FD92C8076749C8049D63B49544EAE22559A24D8E09B46979E1D4344B630F999F87859DFD71A23F4C6887BAE6EF35D9AE727DF88C8E12626AC0D25F082359884A47D26F2030A719A8D52B473CF94E4A791BDF2810CC4B7EDBE9EA338F18127DB7897DAD57F865C1770CEE92160E5322A55219D8F755AC97FA603C591EF7B9D60A3A5EBA2ACBFA368A47D26F2030A719A8D52B473CF94E4A7C6A8FE5516AEA935F1C85535C9BC69E67CFA97F5641CFA819BD204B00C300067AF16610481DE8A49B3D819A29076F47C9A9B1CA5864DDE79ABD7A436C7820A5E76378FCE9991964850EADA7590E8C30EF3FBD73B16C4C0A889548EE23834F3CB
16、 05f72a0600ffff0022025ac7ea91b205
17、 c39a52ef3ee1d99818ff3e646e51c541
18、 e731e10d-9362-4b09-b2a5-8edce39c2f5b
19、 c80a1ba9-da24-4efb-9dac-0f94f0c32a04
20、 1957b82a-7919-4812-b55b-074813d7df07
21、 3b957206-f3b9-4188-ae07-4825e176594f
22、 9dd1b930-130f-432e-9d07-deea27b63b64
23、 f9e4af3d-786c-4c21-b215-08bdbacd2937
24、 fcf594afc6a1429f1547022895884
25、 932ebc42-5fa1-4476-b118-46b71eb192a9
26、 4445bda9-5884-415e-9569-4698fd9f195a
27、 b1d7c815-3083-438d-925c-9d2c4043e2fc
28、 acd67fcb-efbd-4f95-be38-72849ee7017d
29、 0716be20-daeb-43e5-8f96-b13dd746a323
30、 bfb26292-574a-4f8d-bb1f-d722b11b314d
31、 f72f659f2133eed1536982598608
32、 ab83ee0e-4756-4ffa-a151-26e27f2c0555
33、 5516c030-bfc0-4319-9c4b-440d29d8ada1
34、 0a625fe1f7f3de2313142d33822d9de3
35、 d51f83f8-5227-415a-8b0e-bbc51fe448df
36、 b4fc6572-d153-493b-aacf-8f668948b1bf
37、 9d68117b-a603-4035-ab9c-9f30db7b7155
38、 f5dfc7e0-9388-4747-b317-419dfcf9c0f3
39、 297c4a84-40bc-4d25-81be-8becbb34f0e6
40、 QrMgt8GGYI6T52ZY5AnhtxkLzb8egpFn3j5JELI8H6wtACbUnZ5cc3aYTsTRbmkAkRJeYbtx92LPBWm7nBO9UIl7y5i5MQNmUZNf5QENurR5tGyo7yJ2G0MBjWvy6iAtlAbacKP0SwOUeUWx5dsBdyhxa7Id1APtybSdDgicBDuNjI0mlZFUzZSS9dmN8lBD0WTVOMz0pRZbR3cysomRXOO1ghqjJdTcyDIxzpNAEszN8RMGjrzyU7Hjbmwi6YNK
41、 fb118ce9b53288566f5b5780a883dc54
42、 b93b0479-03a1-4c42-b6a1-0b83d0c5ed3b
43、 4ce0e2e3-3dc5-4ecc-adfc-3903c791ba3f
44、 06cde7e5-dc52-40a1-b938-260cf5f17faf
45、 5066a78f-caf3-479f-931c-8adae9131cca

字符串信息

建议导出为TXT，方便查看。

活动列表

显示 22 个 activities

服务列表

显示 3 个 services

广播接收者列表

内容提供者列表

显示 3 个 providers

第三方SDK

SDK名称	开发者	描述信息
C++ 共享库	Android	在 Android 应用中运行原生代码。
Conscrypt	Google	Conscrypt 是一个 Java 安全提供程序 (JSP)，它实现了部分 Java 加密扩展 (JCE) 和 Java 安全套接字扩展 (JSSE)。它使用 BoringSSL 为 Android 和 OpenJDK 上的 Java 应用程序提供加密原语和传输层安全性 (TLS)。有关所提供内容的详细信息，请参阅功能文档。
岳鹰全景监控	Alibaba	岳鹰全景监控，是阿里 UC 官方出品的先进移动应用线上监控平台，为多家知名企业提供服务。
日志服务 SLS	Aliyun	日志服务 SLS 是云原生观测与分析平台，为 Log、Metric、Trace 等数据提供大规模、低成本、实时的平台化服务。日志服务一站式提供数据采集、加工、查询与分析、可视化、告警、消费与投递等功能，全面提升您在研发、运维、运营、安全等场景的数字化能力。
支付宝 SDK	Alipay	支付宝开放平台基于支付宝海量用户，将强大的支付、营销、数据能力，通过接口等形式开放给第三方合作伙伴，帮助第三方合作伙伴创建更具竞争力的应用。
File Provider	Android	FileProvider 是 ContentProvider 的特殊子类，它通过创建 content://Uri 代替 file:///Uri 以促进安全分享与应用程序关联的文件。
Jetpack App Startup	Google	App Startup 库提供了一种直接，高效的方法来在应用程序启动时初始化组件。库开发人员和应用程序开发人员都可以使用 App Startup 来简化启动顺序并显式设置初始化顺序。App Startup 允许您定义共享单个内容提供程序的组件初始化程序，而不必为需要初始化的每个组件定义单独的内容提供程序。这可以大大缩短应用启动时间。
DRouter	Didi	DRouter 是 18 年滴滴乘客端自研的一套 Android 路由框架，基于平台化解耦的思想，为组件间通信服务。该项目以功能全面、易用为原则，支持各种路由场景，在页面路由、服务获取和过滤、跨进程及应用、VirtualApk 插件支持等方面都能提供多样化的服务。目前已在滴滴乘客端、顺风车、单车、国际化、滴滴定制车等十多个滴滴的 app 内使用，得到各种场景的验证。
Jetpack Media	Google	与其他应用共享媒体内容和控件。已被 media2 取代。
Jetpack Room	Google	Room 持久性库在 SQLite 的基础上提供了一个抽象层，让用户能够在充分利用 SQLite 的强大功能的同时，获享更强健的数据库访问机制。

文件列表

污点分析

当apk较大时，代码量会很大，造成数据流图（ICFG）呈现爆炸式增长，所以该功能比较耗时，请先喝杯咖啡，耐心等待……

规则名称	描述信息	操作
病毒分析	使用安卓恶意软件常用的API进行污点分析	开始分析
漏洞挖掘	漏洞挖掘场景下的污点分析	开始分析
隐私合规	隐私合规场景下的污点分析：组件内污点传播、组件间污点传播、组件与库函数之间的污点传播	开始分析
密码分析	分析加密算法是否使用常量密钥、静态初始化的向量（IV）、加密模式是否使用ECB等	开始分析
Callback	因为Android中系统级的Callback并不会出现显式地进行回调方法的调用，所以如果需要分析Callback方法需要在声明文件中将其声明，这里提供一份AndroidCallbacks.txt文件，里面是一些常见的原生回调接口或类，如果有特殊接口需求，可以联系管理员	开始分析