梦幻遮天 1.0.2版本 | 静态分析 _南明离火移动安全分析平台

温馨提示：本平台仅供研究软件风险、安全评估，禁止用于非法用途。由于展示的数据过于全面，请耐心等待加载完成。如有疑问或建议，可加入我们的微信群讨论

应用图标

文件信息

文件名称 563_14487_521202_tjqymhzt(menghuanzhetian).apk
文件大小 9.41MB
MD5 3807cd0f523536c12535bcac1f8dec1f
SHA1 679f264f20981bcf60fd6417d92fa50d5d1e00b5
SHA256 6f972e49593103ad7f20b76550a2fb410d341f5bd07d50f76c1c53e884efafd4
病毒检测无法判定

应用信息

应用名称梦幻遮天
包名 com.tjqymhztand.game
主活动 com.lgame.sdk.view.MainActivity
目标SDK 26 最小SDK 21
版本号 1.0.2 子版本号 20240601
加固信息未加壳

非法应用检测（该功能即将上线，识别赌博、诈骗、色情和黑产等类型应用）

组件导出信息

查看

扫描选项

重新扫描管理规则动态分析

反编译代码

Manifest文件查看

APK文件成为会员，解锁下载

Java源代码查看 -- 下载

证书信息

二进制文件已签名
v1 签名: True
v2 签名: False
v3 签名: False
v4 签名: False
主题: C=cn, ST=gz, L=gd, O=gz, OU=dl, CN=dl
签名算法: rsassa_pkcs1v15
有效期自: 2019-10-31 03:22:50+00:00
有效期至: 2044-10-24 03:22:50+00:00
发行人: C=cn, ST=gz, L=gd, O=gz, OU=dl, CN=dl
序列号: 0x5cd93145
哈希算法: sha256
证书MD5: 885c9a29348b08d18e2cd8d463e35c56
证书SHA1: 974f6fd7196d694169cbc4e542737b89baf21e17
证书SHA256: cc84bf532fbeed772c6a41bc3c42fdf9b82e557d035ddc3037267ff900b51180
证书SHA512: a5d51f695ca0143e41fb84d7dfb725520f4b314b1f836a81ecf31b76233bf842b83127d5bdd104abb7ea114737e3d1030eee79d04d8c14bf42f1afe42efef49f
找到 1 个唯一证书

应用程序权限

权限名称	安全等级	权限内容	权限描述	关联代码
android.permission.ACCESS_COARSE_LOCATION	危险	获取粗略位置	通过WiFi或移动基站的方式获取用户错略的经纬度信息，定位精度大概误差在30~1500米。恶意程序可以用它来确定您的大概位置。	显示文件 com/unionpay/sdk/f.java com/unionpay/utils/e.java
android.permission.ACCESS_NETWORK_STATE	普通	获取网络状态	允许应用程序查看所有网络的状态。	显示文件 a/a/a/b/d.java a/a/a/g/c.java a/a/a/g/d.java cn/lqgame/sdk/utils/DeviceInfoManager.java cn/lqgame/sdk/utils/NetworkUtil.java cn/lqgame/sdk/utils/SimCardUtil.java cn/thinkingdata/android/k.java com/chuanglan/shanyan_sdk/utils/h.java com/sdk/a/a.java com/sdk/n/a.java com/sdk/x/a.java com/switfpass/pay/MainApplication.java com/switfpass/pay/thread/NetHelper.java com/unionpay/UPPayAssistEx.java com/unionpay/sdk/d.java com/unionpay/sdk/f.java com/unionpay/utils/e.java
android.permission.ACCESS_WIFI_STATE	普通	查看Wi-Fi状态	允许应用程序查看有关Wi-Fi状态的信息。	显示文件 a/a/a/b/d.java cn/lqgame/sdk/utils/DeviceInfoManager.java cn/thinkingdata/android/k.java com/chuanglan/shanyan_sdk/utils/h.java com/sdk/a/a.java com/sdk/x/a.java com/unionpay/sdk/d.java com/unionpay/sdk/f.java com/unionpay/utils/e.java
android.permission.CALL_PHONE	危险	直接拨打电话	允许应用程序直接拨打电话。恶意程序会在用户未知的情况下拨打电话造成损失。但不被允许拨打紧急电话。	显示文件 a/a/a/f/b.java
android.permission.CAMERA	危险	拍照和录制视频	允许应用程序拍摄照片和视频，且允许应用程序收集相机在任何时候拍到的图像。	显示文件 com/switfpass/pay/activity/zxing/camera/CameraManager.java
android.permission.CHANGE_NETWORK_STATE	危险	改变网络连通性	允许应用程序改变网络连通性。	显示文件 cn/thinkingdata/android/k.java com/sdk/a/a.java com/sdk/x/a.java
android.permission.CHANGE_WIFI_STATE	危险	改变Wi-Fi状态	允许应用程序改变Wi-Fi状态。	显示文件 com/unionpay/sdk/f.java
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION	普通	后台下载文件	这个权限是允许应用通过下载管理器下载文件，且不对用户进行任何提示。	显示文件 cn/lqgame/sdk/utils/FileStoreManager.java
android.permission.GET_PACKAGE_SIZE	普通	测量应用程序空间大小	允许一个程序获取任何package占用空间容量。
android.permission.GET_TASKS	危险	检索当前运行的应用程序	允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。	显示文件 cn/lqgame/sdk/floatwind/FloatWindowService.java cn/lqgame/sdk/login/view/Permissions.java cn/thinkingdata/android/utils/g.java
android.permission.INSTALL_PACKAGES	签名(系统)	请求安装APP	允许应用程序安装全新的或更新的 Android 包。恶意应用程序可能会借此添加其具有任意权限的新应用程序。
android.permission.INTERNET	危险	完全互联网访问	允许应用程序创建网络套接字。	显示文件 a/a/a/b/d.java a/a/a/e/c.java cn/lqgame/sdk/common/GetDataImpl.java cn/lqgame/sdk/share/SystemShareManager.java cn/thinkingdata/android/TDConfig.java cn/thinkingdata/android/utils/d.java com/chuanglan/shanyan_sdk/e/c.java com/chuanglan/shanyan_sdk/e/d.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/sdk/a/a.java com/sdk/a/c.java com/sdk/a/d.java com/sdk/c/a.java com/sdk/c/c.java com/switfpass/pay/thread/NetHelper.java com/unionpay/a/a.java com/unionpay/a/c.java com/unionpay/sdk/b.java
android.permission.MODIFY_AUDIO_SETTINGS	危险	允许应用修改全局音频设置	允许应用程序修改全局音频设置，如音量。多用于消息语音功能。
android.permission.NFC	危险	控制nfc功能	允许应用程序与支持nfc的物体交互。	显示文件 com/unionpay/UPPayAssistEx.java com/unionpay/sdk/e.java
android.permission.READ_EXTERNAL_STORAGE	危险	读取SD卡内容	允许应用程序从SD卡读取信息。	显示文件 a/a/a/b/d.java cn/lqgame/sdk/JudgeMIUI.java cn/lqgame/sdk/floatwind/DownUpdateBroadcastReceiver.java cn/lqgame/sdk/utils/FileStoreManager.java cn/thinkingdata/android/TDConfig.java cn/thinkingdata/android/utils/r.java com/bun/miitmdid/core/JLibrary.java com/bun/miitmdid/core/Utils.java com/nostra13/universalimageloader/cache/disc/impl/ext/DiskLruCache.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/sdk/a/d.java com/unionpay/a.java com/unionpay/sdk/b.java com/unionpay/sdk/d.java com/unionpay/sdk/e.java com/unionpay/utils/b.java
android.permission.READ_LOGS	危险	读取系统日志文件	允许应用程序从系统的各日志文件中读取信息。这样应用程序可以发现您的手机使用情况，这些信息还可能包含用户个人信息或保密信息，造成隐私数据泄露。
android.permission.READ_PHONE_STATE	危险	读取手机状态和标识	允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号，是否正在通话，以及对方的号码等。	显示文件 a/a/a/g/d.java cn/lqgame/sdk/utils/DeviceInfoManager.java com/unionpay/sdk/d.java com/unionpay/sdk/f.java com/unionpay/utils/e.java
android.permission.RECEIVE_USER_PRESENT	普通	允许程序唤醒机器	允许应用可以接收点亮屏幕或解锁广播。
android.permission.RECORD_AUDIO	危险	获取录音权限	允许应用程序获取录音权限。
android.permission.SEND_SMS	危险	发送短信	允许应用程序发送短信。恶意应用程序可能会不经您的确认就发送信息，给您带来费用。
android.permission.SYSTEM_ALERT_WINDOW	危险	弹窗	允许应用程序弹窗。恶意程序可以接管手机的整个屏幕。	显示文件 a/a/a/b/d.java cn/lqgame/sdk/baseview/BaseView.java cn/lqgame/sdk/floatwind/BaseFloatWindow.java cn/lqgame/sdk/floatwind/CustomPopWindow.java cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowView.java cn/lqgame/sdk/floatwind/FloatWindowViewNew.java cn/lqgame/sdk/floatwind/FloatWindowViewSimple.java cn/lqgame/sdk/floatwind/MyWindowManager.java cn/lqgame/sdk/floatwind/WindowServer.java cn/lqgame/sdk/login/utils/ConfigUtils.java cn/lqgame/sdk/login/view/DynamicNotice.java cn/thinkingdata/android/k.java com/switfpass/pay/activity/zxing/camera/b.java com/unionpay/sdk/r.java
android.permission.WAKE_LOCK	危险	防止手机休眠	允许应用程序防止手机休眠，在手机屏幕关闭后后台进程仍然运行。	显示文件 a/a/a/b/d.java com/chuanglan/shanyan_sdk/tool/r.java com/chuanglan/shanyan_sdk/view/a.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/unionpay/sdk/d.java com/unionpay/sdk/f.java
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储。	显示文件 cn/lqgame/sdk/login/utils/AccountHelper.java cn/lqgame/sdk/login/utils/ImageUtils.java cn/lqgame/sdk/share/SystemShareManager.java cn/lqgame/sdk/utils/FileStoreManager.java cn/lqgame/sdk/utils/LqLogUtil.java com/bun/miitmdid/core/Utils.java com/nostra13/universalimageloader/cache/disc/impl/BaseDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/DiskLruCache.java com/sdk/c/a.java com/unionpay/UPPayAssistEx.java com/unionpay/a.java com/unionpay/sdk/b.java com/unionpay/sdk/d.java com/unionpay/utils/j.java
android.permission.WRITE_SETTINGS	危险	修改全局系统设置	允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。
org.simalliance.openmobileapi.SMARTCARD	未知	未知权限	来自 android 引用的未知权限。
android.permission.MANAGE_EXTERNAL_STORAGE	危险	文件列表访问权限	Android11新增权限，读取本地文件，如简历，聊天图片。
android.permission.READ_PHONE_NUMBERS	危险	允许读取设备的电话号码	允许读取设备的电话号码。这是READ PHONE STATE授予的功能的一个子集，但对即时应用程序公开。	显示文件 com/unionpay/utils/e.java
com.asus.msa.SupplementaryDID.ACCESS	普通	获取厂商oaid相关权限	获取设备标识信息oaid，在华硕设备上需要用到的权限。

证书安全分析

高危

1

警告

0

信息

1

标题	严重程度	描述信息
已签名应用	信息	应用程序已使用代码签名证书进行签名
应用程序存在Janus漏洞	高危	应用程序使用了v1签名方案进行签名，如果只使用v1签名方案，那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序，以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。

MANIFEST分析

高危

0

警告

5

信息

0

屏蔽

0

序号	问题	严重程度	描述信息	操作
1	应用程序可以安装在有漏洞的已更新 Android 版本上 Android 5.0-5.0.2, [minSdk=21]	信息	该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。	对应用 com.tjqymhztand.game 禁止使用 vulnerable_os_version 规则
2	应用程序数据存在被泄露的风险未设置[android:allowBackup]标志	警告	这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true，允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。	对应用 com.tjqymhztand.game 禁止使用 allowbackup_not_set 规则
3	Activity设置了TaskAffinity属性 (com.tjqymhztand.game.wxapi.WXEntryActivity)	警告	如果设置了 taskAffinity，其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息，请始终使用默认设置，将 affinity 保持为包名	对应用 com.tjqymhztand.game 禁止使用 activity_task_affinity_set 规则
4	Activity (cn.lqgame.sdk.pay.PayWebView) 未被保护。存在一个intent-filter。	警告	发现 Activity与设备上的其他应用程序共享，因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。	对应用 com.tjqymhztand.game 禁止使用 activity_exported_intent_filter_exists 规则
5	Broadcast Receiver (cn.lqgame.sdk.floatwind.DownUpdateBroadcastReceiver) 未被保护。存在一个intent-filter。	警告	发现 Broadcast Receiver与设备上的其他应用程序共享，因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。	对应用 com.tjqymhztand.game 禁止使用 receiver_exported_intent_filter_exists 规则
6	Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。存在一个intent-filter。	警告	发现 Activity与设备上的其他应用程序共享，因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。	对应用 com.tjqymhztand.game 禁止使用 activity_exported_intent_filter_exists 规则

可浏览的Activity组件

ACTIVITY	INTENT
cn.lqgame.sdk.pay.PayWebView	Schemes: a://,

网络通信安全

序号	范围	严重级别	描述

API调用分析

API功能	源码文件
一般功能-> 文件操作	显示文件 a/a/a/b/d.java a/a/a/b/e.java a/a/a/e/c.java cn/lqgame/sdk/JudgeMIUI.java cn/lqgame/sdk/common/GetDataImpl.java cn/lqgame/sdk/crash/LqCrashHandler.java cn/lqgame/sdk/entity/LQgameBaseInfo.java cn/lqgame/sdk/entity/PayCouponBean.java cn/lqgame/sdk/floatwind/DownUpdateBroadcastReceiver.java cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowActivityDetail.java cn/lqgame/sdk/login/ProtocolView.java cn/lqgame/sdk/login/utils/AccountHelper.java cn/lqgame/sdk/login/utils/ImageUtils.java cn/lqgame/sdk/login/view/Permissions.java cn/lqgame/sdk/pay/NewPayActivity.java cn/lqgame/sdk/pay/PayCbJsInterface.java cn/lqgame/sdk/pay/PayWebView.java cn/lqgame/sdk/service/CustomerActivity.java cn/lqgame/sdk/share/SystemShareManager.java cn/lqgame/sdk/utils/CheckSimulator.java cn/lqgame/sdk/utils/CommMessage.java cn/lqgame/sdk/utils/DeviceInfoManager.java cn/lqgame/sdk/utils/FileStoreManager.java cn/lqgame/sdk/utils/LqLogUtil.java cn/lqgame/sdk/utils/WXAPIUtil.java cn/thinkingdata/android/TDConfig.java cn/thinkingdata/android/aop/push/TAPushUtils.java cn/thinkingdata/android/b.java cn/thinkingdata/android/c.java cn/thinkingdata/android/crash/CrashLogListener.java cn/thinkingdata/android/i.java cn/thinkingdata/android/k.java cn/thinkingdata/android/l.java cn/thinkingdata/android/q/h.java cn/thinkingdata/android/q/i.java cn/thinkingdata/android/q/j.java cn/thinkingdata/android/q/k.java cn/thinkingdata/android/q/m.java cn/thinkingdata/android/q/o.java cn/thinkingdata/android/q/p.java cn/thinkingdata/android/q/q.java cn/thinkingdata/android/q/s.java cn/thinkingdata/android/q/t.java cn/thinkingdata/android/utils/d.java cn/thinkingdata/android/utils/r.java com/bun/miitmdid/core/JLibrary.java com/bun/miitmdid/core/Utils.java com/bun/miitmdid/core/ZipUtils.java com/bytedance/hume/readapk/HumeSDK.java com/bytedance/hume/readapk/a.java com/bytedance/hume/readapk/a/a.java com/bytedance/hume/readapk/d.java com/chinaums/pppay/unify/SocketFactory.java com/chinaums/pppay/unify/UnifyUtils.java com/chuanglan/shanyan_sdk/b/a.java com/chuanglan/shanyan_sdk/b/c.java com/chuanglan/shanyan_sdk/e/a.java com/chuanglan/shanyan_sdk/e/c.java com/chuanglan/shanyan_sdk/e/d.java com/chuanglan/shanyan_sdk/tool/o.java com/chuanglan/shanyan_sdk/utils/b.java com/chuanglan/shanyan_sdk/utils/g.java com/chuanglan/shanyan_sdk/utils/m.java com/chuanglan/shanyan_sdk/utils/t.java com/chuanglan/shanyan_sdk/utils/v.java com/chuanglan/shanyan_sdk/utils/w.java com/chuanglan/shanyan_sdk/utils/x.java com/kwai/monitor/payload/TurboHelper.java com/kwai/monitor/payload/a.java com/kwai/monitor/payload/b.java com/kwai/monitor/payload/d.java com/nostra13/universalimageloader/cache/disc/DiskCache.java com/nostra13/universalimageloader/cache/disc/impl/BaseDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/LimitedAgeDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/UnlimitedDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/DiskLruCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/LruDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/StrictLineReader.java com/nostra13/universalimageloader/cache/disc/impl/ext/Util.java com/nostra13/universalimageloader/core/DefaultConfigurationFactory.java com/nostra13/universalimageloader/core/ImageLoaderConfiguration.java com/nostra13/universalimageloader/core/ImageLoaderEngine.java com/nostra13/universalimageloader/core/LoadAndDisplayImageTask.java com/nostra13/universalimageloader/core/assist/ContentLengthInputStream.java com/nostra13/universalimageloader/core/assist/FlushedInputStream.java com/nostra13/universalimageloader/core/assist/deque/LinkedBlockingDeque.java com/nostra13/universalimageloader/core/decode/BaseImageDecoder.java com/nostra13/universalimageloader/core/decode/ImageDecoder.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/nostra13/universalimageloader/core/download/ImageDownloader.java com/nostra13/universalimageloader/utils/DiskCacheUtils.java com/nostra13/universalimageloader/utils/IoUtils.java com/nostra13/universalimageloader/utils/StorageUtils.java com/sdk/a/a.java com/sdk/a/c.java com/sdk/a/d.java com/sdk/a/e.java com/sdk/base/api/ToolUtils.java com/sdk/base/framework/bean/OauthResultMode.java com/sdk/base/framework/utils/log/LogFile.java com/sdk/c/a.java com/sdk/c/c.java com/sdk/d/f.java com/sdk/j/a.java com/sdk/p/d.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/zxing/camera/CameraManager.java com/switfpass/pay/bean/MchBean.java com/switfpass/pay/bean/OrderBena.java com/switfpass/pay/bean/RequestMsg.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Util.java com/switfpass/pay/utils/XmlUtils.java com/unionpay/UPPayAssistEx.java com/unionpay/WebViewJavascriptBridge.java com/unionpay/a.java com/unionpay/a/a.java com/unionpay/a/c.java com/unionpay/sdk/a.java com/unionpay/sdk/b.java com/unionpay/sdk/bc.java com/unionpay/sdk/c.java com/unionpay/sdk/d.java com/unionpay/sdk/e.java com/unionpay/sdk/g.java com/unionpay/sdk/h.java com/unionpay/sdk/k.java com/unionpay/sdk/m.java com/unionpay/sdk/p.java com/unionpay/sdk/w.java com/unionpay/utils/UPUtils.java com/unionpay/utils/b.java com/unionpay/utils/g.java com/unionpay/utils/j.java
加密解密-> 信息摘要算法	显示文件 a/a/a/b/d.java a/a/a/f/c/d.java cn/lqgame/sdk/common/Md5.java com/bytedance/dr/impl/k.java com/chinaums/pppay/unify/UnifyMd5.java com/chuanglan/shanyan_sdk/c/f.java com/chuanglan/shanyan_sdk/tool/j.java com/chuanglan/shanyan_sdk/utils/b.java com/chuanglan/shanyan_sdk/utils/j.java com/nostra13/universalimageloader/cache/disc/naming/Md5FileNameGenerator.java com/sdk/b/a.java com/sdk/i/a.java com/sdk/q/b.java com/switfpass/pay/utils/MD5.java com/switfpass/pay/utils/Rsa.java com/switfpass/pay/utils/Util.java com/unionpay/sdk/av.java com/unionpay/sdk/b.java com/unionpay/sdk/k.java com/unionpay/utils/UPUtils.java com/unionpay/utils/b.java
网络通信-> TCP套接字	显示文件 com/chinaums/pppay/unify/SocketFactory.java com/sdk/a/c.java com/sdk/b/a.java com/sdk/x/a.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/W.java com/unionpay/a/a.java com/unionpay/sdk/f.java
网络通信-> SSL证书处理	显示文件 cn/thinkingdata/android/TDConfig.java cn/thinkingdata/android/utils/d.java cn/thinkingdata/android/utils/i.java com/chinaums/pppay/unify/SocketFactory.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Util.java com/switfpass/pay/utils/W.java com/unionpay/sdk/b.java
调用java反射机制	显示文件 a/a/a/b/d.java a/a/a/c/b.java a/a/a/c/c.java a/a/a/c/j.java a/a/a/c/k.java a/a/a/f/a.java a/a/a/f/b.java a/a/a/g/a.java cn/lqgame/sdk/utils/DeviceInfoManager.java cn/lqgame/sdk/utils/NetworkUtil.java cn/thinkingdata/android/ThinkingAnalyticsSDK.java cn/thinkingdata/android/ThinkingDataRuntimeBridge.java cn/thinkingdata/android/k.java cn/thinkingdata/android/l.java cn/thinkingdata/android/r/g.java cn/thinkingdata/android/r/h.java cn/thinkingdata/android/utils/c.java cn/thinkingdata/android/utils/g.java cn/thinkingdata/android/utils/j.java cn/thinkingdata/android/utils/r.java com/alipay/a/a/g.java com/bun/miitmdid/c/k/a.java com/bun/miitmdid/core/JLibrary.java com/bun/miitmdid/core/MdidSdkHelper.java com/bun/miitmdid/core/Utils.java com/bytedance/dr/impl/m.java com/chinaums/pppay/unify/UnifyUtils.java com/chuanglan/shanyan_sdk/c/c.java com/chuanglan/shanyan_sdk/c/e.java com/chuanglan/shanyan_sdk/utils/h.java com/chuanglan/shanyan_sdk/utils/t.java com/chuanglan/shanyan_sdk/utils/w.java com/kwai/monitor/oaid/OADIDSDKHelper.java com/kwai/monitor/oaid/OADIDSDKHelper25.java com/lgame/sdk/manager/DeviceManager.java com/nostra13/universalimageloader/core/imageaware/ImageViewAware.java com/sdk/k/a.java com/sdk/n/a.java com/switfpass/pay/activity/zxing/camera/c.java com/switfpass/pay/utils/DialogHelper.java com/unionpay/UPPayAssistEx.java com/unionpay/sdk/af.java com/unionpay/sdk/ak.java com/unionpay/sdk/al.java com/unionpay/sdk/ap.java com/unionpay/sdk/aq.java com/unionpay/sdk/d.java com/unionpay/sdk/f.java com/unionpay/sdk/i.java com/unionpay/sdk/k.java com/unionpay/sdk/r.java com/unionpay/sdk/w.java com/unionpay/tsmservice/mi/widget/UPSaftyKeyboard.java com/unionpay/tsmservice/widget/UPSaftyKeyboard.java
一般功能-> 获取系统服务(getSystemService)	显示文件 a/a/a/b/d.java a/a/a/g/c.java a/a/a/g/d.java cn/lqgame/sdk/baseview/BaseView.java cn/lqgame/sdk/dialog/TeenagerConfirmDialog.java cn/lqgame/sdk/floatwind/BaseFloatWindow.java cn/lqgame/sdk/floatwind/DownUpdateBroadcastReceiver.java cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowService.java cn/lqgame/sdk/floatwind/FloatWindowView.java cn/lqgame/sdk/floatwind/FloatWindowViewNew.java cn/lqgame/sdk/floatwind/FloatWindowViewSimple.java cn/lqgame/sdk/floatwind/MyWindowManager.java cn/lqgame/sdk/floatwind/WindowServer.java cn/lqgame/sdk/login/utils/ConfigUtils.java cn/lqgame/sdk/login/view/DynamicNotice.java cn/lqgame/sdk/login/view/Permissions.java cn/lqgame/sdk/utils/DeviceInfoManager.java cn/lqgame/sdk/utils/NetworkUtil.java cn/lqgame/sdk/utils/SimCardUtil.java cn/thinkingdata/android/k.java cn/thinkingdata/android/utils/g.java com/chuanglan/shanyan_sdk/utils/h.java com/lgame/sdk/manager/DeviceManager.java com/nostra13/universalimageloader/core/DefaultConfigurationFactory.java com/sdk/a/a.java com/sdk/base/module/manager/SDKManager.java com/sdk/f/a.java com/sdk/n/a.java com/sdk/x/a.java com/switfpass/pay/MainApplication.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/zxing/camera/b.java com/switfpass/pay/thread/NetHelper.java com/unionpay/UPPayAssistEx.java com/unionpay/a.java com/unionpay/sdk/d.java com/unionpay/sdk/e.java com/unionpay/sdk/f.java com/unionpay/sdk/r.java com/unionpay/utils/e.java
一般功能-> IPC通信	显示文件 a/a/a/b/d.java a/a/a/c/j.java a/a/a/c/m/c.java a/a/a/f/b.java a/a/a/f/c/a.java a/a/a/f/c/b.java a/a/a/f/c/c.java a/a/a/f/c/d.java a/a/a/f/c/e.java a/a/a/f/c/f.java a/a/a/f/d/a.java cn/gov/pbc/tsm/client/mobile/android/bank/service/a.java cn/lqgame/sdk/LqSdkManager.java cn/lqgame/sdk/dialog/SplashDialog.java cn/lqgame/sdk/floatwind/DownUpdateBroadcastReceiver.java cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowActivityDetail.java cn/lqgame/sdk/floatwind/FloatWindowService.java cn/lqgame/sdk/floatwind/FloatWindowView.java cn/lqgame/sdk/floatwind/FloatWindowViewNew.java cn/lqgame/sdk/floatwind/WindowServer.java cn/lqgame/sdk/login/LoginActivity.java cn/lqgame/sdk/login/ProtocolView.java cn/lqgame/sdk/login/RealCerterActivity.java cn/lqgame/sdk/login/USChatDialog.java cn/lqgame/sdk/login/view/Permissions.java cn/lqgame/sdk/pay/CouponActivity.java cn/lqgame/sdk/pay/NewPayActivity.java cn/lqgame/sdk/pay/PayWebView.java cn/lqgame/sdk/pay/WebViewActivity.java cn/lqgame/sdk/service/CustomerActivity.java cn/lqgame/sdk/share/SystemShareManager.java cn/lqgame/sdk/utils/BatteryUtils.java cn/lqgame/sdk/utils/CheckSimulator.java cn/lqgame/sdk/utils/FileStoreManager.java cn/lqgame/sdk/utils/SkipServiceUtil.java cn/lqgame/sdk/utils/WXAPIUtil.java cn/thinkingdata/android/TDReceiver.java cn/thinkingdata/android/aop/push/TAPushLifecycleCallbacks.java cn/thinkingdata/android/aop/push/TAPushProcess.java cn/thinkingdata/android/aop/push/TAPushTrackHelper.java cn/thinkingdata/android/aop/push/TAPushUtils.java cn/thinkingdata/android/g.java cn/thinkingdata/android/j.java cn/thinkingdata/android/k.java cn/thinkingdata/android/o.java com/UCMobile/PayPlugin/PayInterface.java com/UCMobile/PayPlugin/PayPluginService.java com/UCMobile/PayPlugin/PayResultReceiver.java com/alipay/android/app/IAlixPay.java com/alipay/android/app/IRemoteServiceCallback.java com/bun/lib/c.java com/bun/miitmdid/c/b/a.java com/bun/miitmdid/c/g/a.java com/bun/miitmdid/supplier/msa/MsaClient.java com/bun/miitmdid/supplier/sumsung/SumsungCore.java com/bytedance/dr/aidl/a.java com/bytedance/dr/aidl/b.java com/bytedance/dr/aidl/c.java com/bytedance/dr/aidl/d.java com/bytedance/dr/aidl/e.java com/bytedance/dr/aidl/f.java com/bytedance/dr/aidl/g.java com/bytedance/dr/impl/a.java com/bytedance/dr/impl/b.java com/bytedance/dr/impl/c.java com/bytedance/dr/impl/d.java com/bytedance/dr/impl/e.java com/bytedance/dr/impl/f.java com/bytedance/dr/impl/g.java com/bytedance/dr/impl/k.java com/bytedance/dr/impl/l.java com/chinaums/pppay/unify/UnifyPayPlugin.java com/chinaums/pppay/unify/UnifyUtils.java com/chuanglan/shanyan_sdk/c/b.java com/chuanglan/shanyan_sdk/c/f.java com/chuanglan/shanyan_sdk/c/h.java com/chuanglan/shanyan_sdk/utils/a.java com/chuanglan/shanyan_sdk/view/CTCCPrivacyProtocolActivity.java com/chuanglan/shanyan_sdk/view/ShanYanOneKeyActivity.java com/lgame/sdk/X5WebView/X5CorePreLoadIS.java com/lgame/sdk/X5WebView/X5WebViewClientImpl.java com/lgame/sdk/view/LGActivity.java com/sdk/base/module/permission/PermissionActivity.java com/switfpass/pay/activity/E.java com/switfpass/pay/activity/G.java com/switfpass/pay/activity/PayPlugin.java com/switfpass/pay/activity/PayResultActivity.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/QQWapPayWebView.java com/switfpass/pay/activity/QrcodeActivity.java com/switfpass/pay/activity/zxing/camera/c.java com/switfpass/pay/activity/zxing/decoding/Intents.java com/switfpass/pay/activity/zxing/decoding/PayCaptureActivityHandler.java com/switfpass/pay/utils/DialogHelper.java com/switfpass/pay/utils/DialogInfoSdk.java com/tjqymhztand/game/wxapi/WXEntryActivity.java com/unionpay/UPPayAssistEx.java com/unionpay/UPPayWapActivity.java com/unionpay/a.java com/unionpay/client3/tsm/ITsmConnection.java com/unionpay/client3/tsm/ITsmConnectionCallback.java com/unionpay/m.java com/unionpay/mobile/tsm/connect/IInitCallback.java com/unionpay/mobile/tsm/connect/IRemoteApdu.java com/unionpay/sdk/ao.java com/unionpay/sdk/f.java com/unionpay/tsmservice/ITsmActivityCallback.java com/unionpay/tsmservice/ITsmCallback.java com/unionpay/tsmservice/ITsmProgressCallback.java com/unionpay/tsmservice/ITsmService.java com/unionpay/tsmservice/OnSafetyKeyboardCallback.java com/unionpay/tsmservice/UPTsmAddon.java com/unionpay/tsmservice/a.java com/unionpay/tsmservice/mi/ITsmActivityCallback.java com/unionpay/tsmservice/mi/ITsmCallback.java com/unionpay/tsmservice/mi/ITsmProgressCallback.java com/unionpay/tsmservice/mi/ITsmService.java com/unionpay/tsmservice/mi/OnSafetyKeyboardCallback.java com/unionpay/tsmservice/mi/UPTsmAddon.java com/unionpay/tsmservice/mi/a.java
组件-> 启动 Service	显示文件 a/a/a/f/b.java a/a/a/f/c/a.java a/a/a/f/c/f.java cn/lqgame/sdk/LqSdkManager.java com/bun/miitmdid/c/g/a.java com/bun/miitmdid/supplier/sumsung/SumsungCore.java com/bytedance/dr/impl/c.java com/chuanglan/shanyan_sdk/c/f.java com/chuanglan/shanyan_sdk/c/h.java com/lgame/sdk/view/LGActivity.java com/unionpay/tsmservice/UPTsmAddon.java com/unionpay/tsmservice/mi/UPTsmAddon.java
进程操作-> 杀死进程	显示文件 cn/lqgame/sdk/LqSdkManager.java cn/lqgame/sdk/crash/LqCrashHandler.java cn/thinkingdata/android/l.java com/lgame/sdk/view/LGActivity.java
进程操作-> 获取进程pid	显示文件 a/a/a/b/d.java a/a/a/g/d.java cn/lqgame/sdk/LqSdkManager.java cn/lqgame/sdk/crash/LqCrashHandler.java cn/thinkingdata/android/l.java cn/thinkingdata/android/utils/g.java com/chuanglan/shanyan_sdk/utils/t.java com/lgame/sdk/view/LGActivity.java
隐私数据-> 获取GPS位置信息	显示文件 com/unionpay/UPPayAssistEx.java com/unionpay/sdk/j.java com/unionpay/sdk/r.java com/unionpay/utils/e.java
组件-> 启动 Activity	显示文件 cn/lqgame/sdk/LqSdkManager.java cn/lqgame/sdk/dialog/SplashDialog.java cn/lqgame/sdk/floatwind/DownUpdateBroadcastReceiver.java cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowActivityDetail.java cn/lqgame/sdk/floatwind/FloatWindowView.java cn/lqgame/sdk/floatwind/FloatWindowViewNew.java cn/lqgame/sdk/login/LoginActivity.java cn/lqgame/sdk/login/ProtocolView.java cn/lqgame/sdk/login/RealCerterActivity.java cn/lqgame/sdk/login/USChatDialog.java cn/lqgame/sdk/login/view/Permissions.java cn/lqgame/sdk/pay/NewPayActivity.java cn/lqgame/sdk/pay/PayWebView.java cn/lqgame/sdk/pay/WebViewActivity.java cn/lqgame/sdk/service/CustomerActivity.java cn/lqgame/sdk/share/SystemShareManager.java cn/lqgame/sdk/utils/SkipServiceUtil.java com/UCMobile/PayPlugin/PayInterface.java com/alipay/android/app/IRemoteServiceCallback.java com/chinaums/pppay/unify/UnifyPayPlugin.java com/chinaums/pppay/unify/UnifyUtils.java com/chuanglan/shanyan_sdk/utils/a.java com/lgame/sdk/X5WebView/X5WebViewClientImpl.java com/switfpass/pay/activity/C.java com/switfpass/pay/activity/C0111p.java com/switfpass/pay/activity/G.java com/switfpass/pay/activity/PayPlugin.java com/switfpass/pay/activity/PayResultActivity.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/QQWapPayWebView.java com/switfpass/pay/activity/QrcodeActivity.java com/switfpass/pay/activity/R.java com/switfpass/pay/utils/B.java com/switfpass/pay/utils/C0127k.java com/switfpass/pay/utils/C0129m.java com/switfpass/pay/utils/C0132p.java com/switfpass/pay/utils/C0135s.java com/switfpass/pay/utils/DialogInfoSdk.java com/switfpass/pay/utils/DialogInterfaceOnClickListenerC0117a.java com/switfpass/pay/utils/M.java com/switfpass/pay/utils/P.java com/switfpass/pay/utils/R.java com/unionpay/UPPayAssistEx.java com/unionpay/a.java com/unionpay/m.java com/unionpay/tsmservice/ITsmActivityCallback.java com/unionpay/tsmservice/UPTsmAddon.java com/unionpay/tsmservice/a.java com/unionpay/tsmservice/mi/ITsmActivityCallback.java com/unionpay/tsmservice/mi/UPTsmAddon.java com/unionpay/tsmservice/mi/a.java
网络通信-> HTTP建立连接	显示文件 a/a/a/e/c.java cn/lqgame/sdk/common/GetDataImpl.java cn/lqgame/sdk/share/SystemShareManager.java cn/lqgame/sdk/utils/NetworkUtil.java cn/thinkingdata/android/TDConfig.java cn/thinkingdata/android/utils/d.java com/chuanglan/shanyan_sdk/e/d.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/sdk/a/a.java com/sdk/a/c.java com/sdk/a/d.java com/switfpass/pay/thread/NetHelper.java com/unionpay/a/a.java com/unionpay/a/c.java com/unionpay/sdk/b.java
加密解密-> Crypto加解密组件	显示文件 a/a/a/b/d.java cn/lqgame/sdk/common/SE.java cn/thinkingdata/android/encrypt/c.java com/chuanglan/shanyan_sdk/utils/b.java com/chuanglan/shanyan_sdk/utils/u.java com/sdk/o/b.java com/sdk/q/b.java com/sdk/q/c.java com/sdk/v/b.java com/sdk/v/c.java com/sdk/v/e.java com/switfpass/pay/utils/Rsa.java com/unionpay/sdk/av.java com/unionpay/sdk/k.java com/unionpay/utils/d.java
加密解密-> Base64 加密	显示文件 cn/lqgame/sdk/common/SE.java cn/lqgame/sdk/entity/LQgameBaseInfo.java com/chuanglan/shanyan_sdk/tool/c.java com/chuanglan/shanyan_sdk/tool/k.java com/sdk/b/a.java com/sdk/q/c.java com/unionpay/sdk/av.java com/unionpay/tsmservice/UPTsmAddon.java com/unionpay/tsmservice/mi/UPTsmAddon.java
加密解密-> Base64 解密	显示文件 cn/lqgame/sdk/common/SE.java com/sdk/a/c.java com/sdk/b/a.java com/sdk/q/c.java com/unionpay/UPPayAssistEx.java com/unionpay/b.java com/unionpay/sdk/av.java com/unionpay/tsmservice/UPTsmAddon.java com/unionpay/tsmservice/mi/UPTsmAddon.java com/unionpay/utils/b.java
进程操作-> 获取运行的进程\服务	cn/lqgame/sdk/floatwind/FloatWindowService.java cn/lqgame/sdk/login/view/Permissions.java cn/thinkingdata/android/utils/g.java
网络通信-> URLConnection	cn/lqgame/sdk/common/GetDataImpl.java com/unionpay/sdk/b.java
网络通信-> HTTPS建立连接	显示文件 cn/thinkingdata/android/TDConfig.java cn/thinkingdata/android/utils/d.java com/chuanglan/shanyan_sdk/e/c.java com/chuanglan/shanyan_sdk/e/d.java com/sdk/a/d.java com/unionpay/a/c.java com/unionpay/sdk/b.java
网络通信-> WebView JavaScript接口	显示文件 cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowActivityDetail.java cn/lqgame/sdk/login/ProtocolView.java cn/lqgame/sdk/login/view/PwdRedDialog.java cn/lqgame/sdk/pay/PayWebView.java cn/lqgame/sdk/pay/WebViewActivity.java cn/lqgame/sdk/service/CustomerActivity.java cn/thinkingdata/android/ThinkingAnalyticsSDK.java com/chuanglan/shanyan_sdk/view/CTCCPrivacyProtocolActivity.java com/switfpass/pay/activity/QQWapPayWebView.java com/unionpay/WebViewJavascriptBridge.java
网络通信-> WebView 相关	显示文件 cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowActivityDetail.java cn/lqgame/sdk/login/ProtocolView.java cn/lqgame/sdk/login/view/DynamicNotice.java cn/lqgame/sdk/login/view/PwdRedDialog.java cn/lqgame/sdk/pay/PayWebView.java cn/lqgame/sdk/pay/WebViewActivity.java cn/lqgame/sdk/service/CustomerActivity.java cn/lqgame/sdk/utils/DeviceInfoManager.java cn/thinkingdata/android/ThinkingAnalyticsSDK.java com/chuanglan/shanyan_sdk/view/CTCCPrivacyProtocolActivity.java com/switfpass/pay/activity/QQWapPayWebView.java com/unionpay/UPPayWapActivity.java com/unionpay/WebViewJavascriptBridge.java
组件-> ContentProvider	a/a/a/f/b.java com/bytedance/dr/impl/i.java
一般功能-> 查看\修改Android系统属性	显示文件 a/a/a/b/d.java a/a/a/f/a.java cn/lqgame/sdk/utils/DeviceInfoManager.java cn/thinkingdata/android/utils/c.java com/chuanglan/shanyan_sdk/utils/h.java
组件-> 发送广播	显示文件 cn/lqgame/sdk/utils/FileStoreManager.java cn/thinkingdata/android/j.java com/UCMobile/PayPlugin/PayInterface.java com/UCMobile/PayPlugin/PayResultReceiver.java com/lgame/sdk/X5WebView/X5CorePreLoadIS.java
一般功能-> 加载so文件	显示文件 com/UCMobile/PayPlugin/PluginIcon.java com/UCMobile/PayPlugin/PluginSurfaceView.java com/bun/miitmdid/core/JLibrary.java com/chuanglan/shanyan_sdk/utils/s.java com/unionpay/UPPayAssistEx.java com/unionpay/b/b.java com/unionpay/b/e.java com/unionpay/tsmservice/UPTsmAddon.java com/unionpay/tsmservice/mi/UPTsmAddon.java
命令执行-> getRuntime.exec()	显示文件 a/a/a/b/d.java cn/thinkingdata/android/utils/r.java com/bun/miitmdid/core/Utils.java com/chuanglan/shanyan_sdk/utils/v.java com/unionpay/sdk/d.java com/unionpay/sdk/e.java
隐私数据-> 获取已安装的应用程序	显示文件 a/a/a/b/d.java cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/floatwind/FloatWindowView.java cn/lqgame/sdk/floatwind/FloatWindowViewNew.java cn/lqgame/sdk/login/USChatDialog.java cn/lqgame/sdk/utils/CheckSimulator.java cn/lqgame/sdk/utils/WXAPIUtil.java com/switfpass/pay/utils/PayDialogInfo.java com/unionpay/sdk/e.java
一般功能-> 获取WiFi相关信息	显示文件 a/a/a/b/d.java cn/lqgame/sdk/utils/DeviceInfoManager.java com/unionpay/sdk/d.java com/unionpay/sdk/f.java com/unionpay/utils/e.java
一般功能-> 获取网络接口信息	显示文件 a/a/a/b/d.java cn/lqgame/sdk/utils/DeviceInfoManager.java com/chuanglan/shanyan_sdk/utils/f.java com/sdk/b/a.java com/sdk/x/a.java com/unionpay/sdk/d.java com/unionpay/sdk/f.java
一般功能-> 获取活动网路信息	显示文件 cn/lqgame/sdk/utils/DeviceInfoManager.java cn/lqgame/sdk/utils/NetworkUtil.java cn/thinkingdata/android/k.java com/chuanglan/shanyan_sdk/utils/h.java com/sdk/n/a.java com/switfpass/pay/MainApplication.java com/unionpay/UPPayAssistEx.java com/unionpay/sdk/f.java
JavaScript 接口方法	显示文件 cn/lqgame/sdk/floatwind/FloatWebView.java cn/lqgame/sdk/login/view/PwdRedDialog.java cn/lqgame/sdk/pay/PayCbJsInterface.java cn/lqgame/sdk/pay/PayWebView.java cn/thinkingdata/android/TDWebAppInterface.java com/chinaums/pppay/unify/UnifyPayPlugin.java com/lgame/sdk/manager/ManifestManager.java com/lgame/sdk/manager/SdkManager.java com/unionpay/WebViewJavascriptBridge.java
网络通信-> UDP数据包	cn/thinkingdata/android/utils/n.java
网络通信-> UDP数据报套接字	cn/thinkingdata/android/utils/n.java
设备指纹-> getSimOperator	显示文件 cn/thinkingdata/android/k.java com/chuanglan/shanyan_sdk/utils/h.java com/sdk/f/a.java com/sdk/n/a.java com/unionpay/sdk/f.java
设备指纹-> 查看运营商信息	cn/thinkingdata/android/k.java com/sdk/f/a.java com/unionpay/sdk/f.java
网络通信-> WebView使用File协议	cn/lqgame/sdk/floatwind/FloatWindowActivityDetail.java com/chuanglan/shanyan_sdk/view/CTCCPrivacyProtocolActivity.java com/lgame/sdk/X5WebView/X5WebView.java
一般功能-> 查询数据库(短信、联系人、通话记录、浏览器历史等)	cn/lqgame/sdk/utils/FileStoreManager.java
DEX-> 动态加载	com/chuanglan/shanyan_sdk/utils/h.java
网络通信-> DefaultHttpClient Connection	cn/lqgame/sdk/utils/NetworkUtil.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Util.java
网络通信-> HTTP请求、连接和会话	cn/lqgame/sdk/utils/NetworkUtil.java com/switfpass/pay/utils/Util.java
隐私数据-> 剪贴板数据读写操作	cn/lqgame/sdk/floatwind/FloatWebView.java
设备指纹-> 查看本机IMSI	com/unionpay/sdk/d.java com/unionpay/sdk/f.java com/unionpay/utils/e.java
设备指纹-> 查看本机号码	com/unionpay/utils/e.java
设备指纹-> 查看本机SIM卡序列号	com/unionpay/sdk/d.java com/unionpay/sdk/f.java
一般功能-> 传感器相关操作	com/unionpay/sdk/d.java
敏感行为-> 检测了是否被jdb调试	a/a/a/c/h.java
隐私数据-> 拍照摄像	com/switfpass/pay/activity/zxing/camera/CameraManager.java
设备指纹-> getAllCellInfo	com/unionpay/sdk/f.java
设备指纹-> 获取蜂窝位置信息	com/unionpay/sdk/f.java

安全漏洞检测

高危

9

警告

9

信息

2

安全

2

屏蔽

0

序号	问题	等级	参考标准	文件位置	操作
1	MD5是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	Suppress the rule android_md5 in com.tjqymhztand.game Suppress the rule android_md5 in com.tjqymhztand.game only from these files
2	应用程序记录日志信息,不得记录敏感信息	信息	CWE: CWE-532: 通过日志文件的信息暴露 OWASP MASVS: MSTG-STORAGE-3	升级会员：解锁高级权限	Suppress the rule android_logging in com.tjqymhztand.game Suppress the rule android_logging in com.tjqymhztand.game only from these files
3	应用程序使用不安全的随机数生成器	警告	CWE: CWE-330: 使用不充分的随机数 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-6	升级会员：解锁高级权限	Suppress the rule android_insecure_random in com.tjqymhztand.game Suppress the rule android_insecure_random in com.tjqymhztand.game only from these files
4	应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。	高危	CWE: CWE-649: 依赖于混淆或加密安全相关输入而不进行完整性检查 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-3	升级会员：解锁高级权限	Suppress the rule cbc_padding_oracle in com.tjqymhztand.game Suppress the rule cbc_padding_oracle in com.tjqymhztand.game only from these files
5	应用程序可以读取/写入外部存储器，任何应用程序都可以读取写入外部存储器的数据	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	Suppress the rule android_read_write_external in com.tjqymhztand.game Suppress the rule android_read_write_external in com.tjqymhztand.game only from these files
6	此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击	安全	OWASP MASVS: MSTG-NETWORK-4	升级会员：解锁高级权限	Suppress the rule android_ssl_pinning in com.tjqymhztand.game Suppress the rule android_ssl_pinning in com.tjqymhztand.game only from these files
7	不安全的Web视图实现。可能存在WebView任意代码执行漏洞	警告	CWE: CWE-749: 暴露危险方法或函数 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-7	升级会员：解锁高级权限	Suppress the rule android_webview in com.tjqymhztand.game Suppress the rule android_webview in com.tjqymhztand.game only from these files
8	IP地址泄露	警告	CWE: CWE-200: 信息泄露 OWASP MASVS: MSTG-CODE-2	升级会员：解锁高级权限	Suppress the rule android_ip_disclosure in com.tjqymhztand.game Suppress the rule android_ip_disclosure in com.tjqymhztand.game only from these files
9	使用弱加密算法	高危	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	Suppress the rule android_weak_ciphers in com.tjqymhztand.game Suppress the rule android_weak_ciphers in com.tjqymhztand.game only from these files
10	SHA-1是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	Suppress the rule android_sha1 in com.tjqymhztand.game Suppress the rule android_sha1 in com.tjqymhztand.game only from these files
11	此应用程序可能具有Root检测功能	安全	OWASP MASVS: MSTG-RESILIENCE-1	升级会员：解锁高级权限	Suppress the rule android_detect_root in com.tjqymhztand.game Suppress the rule android_detect_root in com.tjqymhztand.game only from these files
12	文件可能包含硬编码的敏感信息，如用户名、密码、密钥等	警告	CWE: CWE-312: 明文存储敏感信息 OWASP Top 10: M9: Reverse Engineering OWASP MASVS: MSTG-STORAGE-14	升级会员：解锁高级权限	Suppress the rule android_hardcoded in com.tjqymhztand.game Suppress the rule android_hardcoded in com.tjqymhztand.game only from these files
13	已启用远程WebView调试	高危	CWE: CWE-919: 移动应用程序中的弱点 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-RESILIENCE-2	升级会员：解锁高级权限	Suppress the rule android_webview_debug in com.tjqymhztand.game Suppress the rule android_webview_debug in com.tjqymhztand.game only from these files
14	默认情况下，调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知，ECB模式很弱，因为它导致相同明文块的密文相同	高危	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-2	升级会员：解锁高级权限	Suppress the rule android_aws_ecb_default in com.tjqymhztand.game Suppress the rule android_aws_ecb_default in com.tjqymhztand.game only from these files
15	应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式，因为它对相同的明文块[UNK]产生相同的密文	高危	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-2	升级会员：解锁高级权限	Suppress the rule android_aes_ecb in com.tjqymhztand.game Suppress the rule android_aes_ecb in com.tjqymhztand.game only from these files
16	可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息	警告	CWE: CWE-200: 信息泄露 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-7	升级会员：解锁高级权限	Suppress the rule android_webview_allow_file_from_url in com.tjqymhztand.game Suppress the rule android_webview_allow_file_from_url in com.tjqymhztand.game only from these files
17	应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库	警告	CWE: CWE-89: SQL命令中使用的特殊元素转义处理不恰当（'SQL 注入'） OWASP Top 10: M7: Client Code Quality	升级会员：解锁高级权限	Suppress the rule android_sql_raw_query in com.tjqymhztand.game Suppress the rule android_sql_raw_query in com.tjqymhztand.game only from these files
18	不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击	高危	CWE: CWE-295: 证书验证不恰当 OWASP Top 10: M3: Insecure Communication OWASP MASVS: MSTG-NETWORK-3	升级会员：解锁高级权限	Suppress the rule android_webview_ignore_ssl in com.tjqymhztand.game Suppress the rule android_webview_ignore_ssl in com.tjqymhztand.game only from these files
19	该文件是World Readable。任何应用程序都可以读取文件	高危	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	Suppress the rule android_world_readable in com.tjqymhztand.game Suppress the rule android_world_readable in com.tjqymhztand.game only from these files
20	SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击	高危	CWE: CWE-295: 证书验证不恰当 OWASP Top 10: M3: Insecure Communication OWASP MASVS: MSTG-NETWORK-3	升级会员：解锁高级权限	Suppress the rule android_insecure_ssl in com.tjqymhztand.game Suppress the rule android_insecure_ssl in com.tjqymhztand.game only from these files
21	此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板，因为其他应用程序可以访问它	信息	OWASP MASVS: MSTG-STORAGE-10	升级会员：解锁高级权限	Suppress the rule android_clipboard_copy in com.tjqymhztand.game Suppress the rule android_clipboard_copy in com.tjqymhztand.game only from these files
22	该文件是World Writable。任何应用程序都可以写入文件	高危	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	Suppress the rule android_world_writable in com.tjqymhztand.game Suppress the rule android_world_writable in com.tjqymhztand.game only from these files

Native库安全分析

序号	动态库	NX(堆栈禁止执行)	PIE	STACK CANARY(栈保护)	RELRO	RPATH（指定SO搜索路径）	RUNPATH（指定SO搜索路径）	FORTIFY(常用函数加强检查)	SYMBOLS STRIPPED(裁剪符号表)
1	arm64-v8a/libEncryptorP.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。		True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	False warning 二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数（如 strcpy，gets 等）的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用	False warning 符号可用

文件分析

序号	问题	文件

敏感权限分析

恶意软件常用权限 11/30

android.permission.ACCESS_COARSE_LOCATION
android.permission.CALL_PHONE
android.permission.CAMERA
android.permission.GET_TASKS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.READ_PHONE_STATE
android.permission.RECORD_AUDIO
android.permission.SEND_SMS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WAKE_LOCK
android.permission.WRITE_SETTINGS

其它常用权限 7/46

android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE

恶意软件常用权限 是被已知恶意软件广泛滥用的权限。
其它常用权限 是已知恶意软件经常滥用的权限。

IP地理位置

恶意域名检测

域名	状态	中国境内	位置信息
ad.partner.gifshow.com	安全	是	IP地址: 222.186.18.194 国家: 中国地区: 北京城市: 北京查看: 高德地图
mobilegw.alipaydev.com	安全	是	IP地址: 221.229.209.223 国家: 中国地区: 浙江城市: Hankasalmi 查看: 高德地图
api-e189.21cn.com	安全	是	IP地址: 222.186.18.194 国家: 中国地区: 江苏城市: 苏州查看: 高德地图
toblog.volceapplog.com	安全	是	IP地址: 222.186.18.194 国家: 中国地区: 江苏城市: scsabaBekesszentandrasBekhteryBekhteyevkaBekilli BekkevoortBekovoBektemirBekwaiBel Air Bel Om 查看: 高德地图
sdk.hnhuolang.com	安全	是	IP地址: 222.186.18.194 国家: 中国地区: 安徽城市: 苏州查看: 高德地图
open.e.189.cn	安全	是	IP地址: 193.112.234.72 国家: 中国地区: 北京城市: 北京查看: 高德地图
alink.volceapplog.com	安全	是	IP地址: 193.112.234.72 国家: 中国地区: 江苏城市: -Balkarskaya RespublikaKabaroleKaberamaidoKabulKachinKadiogoKadunaKaebKaffrineKafr ash ShaykhKagawaK 查看: 高德地图
report-api.lexuangame.com	安全	是	IP地址: 193.112.234.72 国家: 中国地区: 安徽城市: 苏州查看: 高德地图
www.cmpassport.com	安全	是	IP地址: 193.112.234.72 国家: 中国地区: 安徽城市: 合肥查看: 高德地图
applog.snssdk.com	安全	是	IP地址: 222.186.18.200 国家: 中国地区: 江苏省城市: 南京查看: 高德地图
mobilegw.aaa.alipay.net	安全	否	没有可用的地理位置信息。
auth.wosms.cn	安全	是	IP地址: 123.125.99.19 国家: 中国地区: 北京城市: 北京查看: 高德地图
sdk.hnmengdou.com	安全	是	IP地址: 222.186.18.194 国家: 中国地区: 江苏城市: 常州查看: 高德地图
toblog-alink.ctobsnssdk.com	安全	是	IP地址: 221.229.209.223 国家: 中国地区: 江苏城市: 镇江查看: 高德地图
toblog.ctobsnssdk.com	安全	是	IP地址: 193.112.234.72 国家: 中国地区: 江苏城市: 镇江查看: 高德地图
opencloud.wostore.cn	安全	是	IP地址: 222.186.18.194 国家: 中国地区: 上海城市: 上海查看: 高德地图
wap.cmpassport.com	安全	是	IP地址: 120.232.169.168 国家: 中国地区: 广东城市: 广州查看: 高德地图
astat.bugly.qcloud.com	安全	否	IP地址: 119.28.121.133 国家: 新加坡地区: 新加坡城市: 新加坡查看: Google 地图
gw.tenpay.com	安全	否	没有可用的地理位置信息。
abtest.volceapplog.com	安全	是	IP地址: 221.229.209.223 国家: 中国地区: 江苏城市: 徐州查看: 高德地图
paya.swiftpass.cn	安全	是	IP地址: 221.229.209.223 国家: 中国地区: 北京城市: 北京查看: 高德地图
tobapplog.volceapplog.com	安全	是	IP地址: 121.228.188.224 国家: 中国地区: 江苏城市: 苏州查看: 高德地图
www.95516.com	安全	是	IP地址: 58.220.75.72 国家: 中国地区: 江苏城市: 扬州查看: 高德地图
mobile.unionpay.com	安全	否	没有可用的地理位置信息。
e.189.cn	安全	是	IP地址: 221.231.83.99 国家: 中国地区: 北京城市: 北京查看: 高德地图
log.snssdk.com	安全	是	IP地址: 221.231.83.99 国家: 中国地区: 江苏城市: 盐城查看: 高德地图
mobilegw.stable.alipay.net	安全	否	没有可用的地理位置信息。
h5.m.taobao.com	安全	是	IP地址: 222.186.18.190 国家: 中国地区: 江苏省城市: 南京查看: 高德地图
ichannel.snssdk.com	安全	是	IP地址: 101.133.104.19 国家: 中国地区: 江苏城市: 苏州查看: 高德地图
databyterangers.com.cn	安全	否	没有可用的地理位置信息。
klink.volceapplog.com	安全	是	IP地址: 222.186.18.199 国家: 中国地区: 江苏城市: 苏州查看: 高德地图
log-api.oceanengine.com	安全	是	IP地址: 60.188.67.206 国家: 中国地区: 江苏城市: 镇江查看: 高德地图
zhifu.dev.swiftpass.cn	安全	否	没有可用的地理位置信息。
huangjun.dev.swiftpass.cn	安全	否	没有可用的地理位置信息。
slog.hnmengdou.com	安全	是	IP地址: 60.188.67.206 国家: 中国地区: 浙江城市: 台州查看: 高德地图
sysdk.cl2009.com	安全	是	IP地址: 60.188.67.206 国家: 中国地区: 上海城市: 上海查看: 高德地图
tobapplog.ctobsnssdk.com	安全	是	IP地址: 61.147.168.161 国家: 中国地区: 江苏城市: 镇江查看: 高德地图
sy.cl2m.cn	安全	是	IP地址: 106.14.53.48 国家: 中国地区: 上海城市: 上海查看: 高德地图
fs.cl2009.com	安全	是	IP地址: 58.215.85.78 国家: 中国地区: 上海城市: 上海查看: 高德地图
api.e.kuaishou.com	安全	是	IP地址: 58.215.85.78 国家: 中国地区: 江苏城市: 无锡查看: 高德地图
astat.bugly.cros.wr.pvp.net	安全	否	IP地址: 222.186.18.199 国家: 美利坚合众国地区: 加利福尼亚城市: 旧金山查看: Google 地图
mobilegw-1-64.test.alipay.net	安全	否	没有可用的地理位置信息。
dlhw.hnmengdou.com	安全	是	IP地址: 106.225.238.100 国家: 中国地区: 江西城市: 南昌查看: 高德地图

手机号提取

URL链接分析

URL信息	源码文件
https://auth.wosms.cn https://daily.m.zzx9.cn	自研引擎-A
https://sdk.hnmengdou.com/h5hb/client/index.html?channelid=521029	自研引擎-M
10.0.0.172	cn/lqgame/sdk/utils/NetworkUtil.java
www.cmpassport.com	com/chuanglan/shanyan_sdk/utils/q.java
https://gw.tenpay.com/gateway/normalorderquery.xml?	com/switfpass/pay/utils/Constants.java
https://paya.swiftpass.cn/pay/gateway	com/switfpass/pay/activity/AsyncTaskC0100e.java
2.3.6.4 https://sysdk.cl2009.com https://sy.cl2m.cn	com/chuanglan/shanyan_sdk/a.java
2.0.2.9	cn/lqgame/sdk/entity/LQgameBaseInfo.java
javascript:getwechatcode javascript:getwechatshare https://d.alipay.com	cn/lqgame/sdk/floatwind/FloatWebView.java
2.3.6.4	com/chuanglan/shanyan_sdk/tool/c.java
https://sdk.hnmengdou.com/floatwin_hb/index.html https://sdk.hnmengdou.com/floatwin_hb_h5/index.html	cn/lqgame/sdk/floatwind/MyWindowManager.java
http://huangjun.dev.swiftpass.cn/ https://paya.swiftpass.cn/	com/switfpass/pay/MainApplication.java
https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=1 https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=2	cn/lqgame/sdk/login/CheckProtocolDialog.java
https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=1 https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=2	cn/lqgame/sdk/login/utils/ConfigUtils.java
https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=1 https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=2	cn/lqgame/sdk/login/view/QuickLogin.java
https://dlhw.hnmengdou.com/appnews/article/	cn/lqgame/sdk/login/view/DynamicNotice.java
https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=1 https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=2	cn/lqgame/sdk/login/view/PhonePwdLogin.java
2.3.6.4 https://fs.cl2009.com/flash/thin/accountinit/v3	com/chuanglan/shanyan_sdk/tool/l.java
https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=1 https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=2	cn/lqgame/sdk/login/view/PhoneCodeLogin.java
https://d.alipay.com	com/lgame/sdk/X5WebView/X5WebViewClientImpl.java
2.3.6.4	com/chuanglan/shanyan_sdk/tool/i.java
2.3.6.4	com/chuanglan/shanyan_sdk/tool/k.java
2.3.6.4	com/chuanglan/shanyan_sdk/d/f.java
2.3.6.4	com/chuanglan/shanyan_sdk/e/g.java
https://report-api.lexuangame.com	cn/lqgame/sdk/utils/ThinkingManager.java
2.3.6.4	com/chuanglan/shanyan_sdk/e/d.java
140.207.168.45	com/unionpay/sdk/f.java
http://zhifu.dev.swiftpass.cn/spay/notify https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s 127.0.0.1	com/switfpass/pay/activity/PayPlugin.java
http://mobile.unionpay.com/getclient?platform=android&type=securepayplugin https://mobile.unionpay.com/getclient?platform=android&type=securepayplugin	com/unionpay/UPPayAssistEx.java
224.0.0.1 255.255.255.255 127.0.0.1	com/chuanglan/shanyan_sdk/utils/p.java
https://api.e.kuaishou.com/rest/config/client/v1/open/globalid https://api.e.kuaishou.com/rest/config/client/v1/open/sdkgatherconfig https://ad.partner.gifshow.com/api/v2/sdk/log?token=dee6172daef74f0895c7d185956ac0a7	a/a/a/b/e.java
https://sdk.hnmengdou.com/floatwin/common/html/userbindidcard.html https://sdk.hnmengdou.com/api/check_is_report_charge.php https://slog.hnmengdou.com/api/statistics.php https://slog.hnmengdou.com/ https://sdk.hnmengdou.com/v4.0/api/coupon.php https://sdk.hnmengdou.com/v4.0/ https://sdk.hnhuolang.com/api/protocol/hl_protocol.html https://sdk.hnmengdou.com/v4.0/api/get_charge_list.php https://sdk.hnmengdou.com/floatwin/common/html/userbindcellphone_v3.html https://sdk.hnmengdou.com/v4.0/api/init.php https://slog.hnmengdou.com/api/sdk_click_report.php https://sdk.hnmengdou.com/floatwin/common/html/wxofficialaccount.html https://sdk.hnmengdou.com/ https://slog.hnmengdou.com/api/statis_role.php https://sdk.hnmengdou.com/floatwin/index_vertical.php	cn/lqgame/sdk/login/utils/HttpReq.java
https://d.alipay.com	cn/lqgame/sdk/pay/PayWebView.java
https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=1 https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=2	cn/lqgame/sdk/dialog/AgreementDialog.java
http://211.154.151.196:8081/tenpay/payment/notifycallbackurl	com/switfpass/pay/utils/Util.java
https://sdk.hnmengdou.com/v4.0/h5page/h5api.php?	cn/lqgame/sdk/utils/CommMessage.java
140.207.168.45 http://140.207.168.45/g/d	com/unionpay/sdk/c.java
https://sy.cl2m.cn https://sysdk.cl2009.com/log/fdr/v3 https://sy.cl2m.cn/flash/thin/accountinit/v3 https://sy.cl2m.cn/flash/accountinit/v4 https://sysdk.cl2009.com	com/chuanglan/shanyan_sdk/a/e.java
2.3.6.4 https://wap.cmpassport.com/resources/html/contract.html https://auth.wosms.cn/html/oauth/protocol2.html https://e.189.cn/sdk/agreement/detail.do?hidetop=true	com/chuanglan/shanyan_sdk/a/a.java
https://gw.tenpay.com/gateway/normalorderquery.xml? http://mobilegw.aaa.alipay.net/mgw.htm https://auth.wosms.cn/html/oauth/protocol2.html https://report-api.lexuangame.com https://toblog.ctobsnssdk.com/service/2/app_log/ https://tbsrecovery.imtt.qq.com/getconfig https://open.e.189.cn/openapi/special/gettimestamp.do http://211.154.151.196:8081/tenpay/payment/notifycallbackurl https://toblog.ctobsnssdk.com/service/2/abtest_config/ https://astat.bugly.cros.wr.pvp.net/:8180/rqd/async https://toblog.ctobsnssdk.com/service/2/device_update https://paya.swiftpass.cn/ https://mcgw.alipay.com/sdklog.do www.qq.com https://klink.volceapplog.com/service/2/app_alert_check/ https://toblog.volceapplog.com/service/2/app_log/ https://sdk.hnhuolang.com/api/protocol/hl_protocol.html https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=2 https://log.snssdk.com/service/2/device_update https://sdk.hnmengdou.com/floatwin/common/html/userbindcellphone_v3.html https://astat.bugly.qcloud.com/rqd/async https://github.com/lingochamp/filedownloader/wiki/filedownloader.properties http://mobile.unionpay.com/getclient?platform=android&type=securepayplugin https://tobapplog.volceapplog.com/service/2/app_log/ https://toblog.ctobsnssdk.com/service/2/device_register/ https://soft.tbs.imtt.qq.com/17421/tbs_res_imtt_tbs_debugplugin_debugplugin.tbs https://sdk.hnmengdou.com/floatwin/index_vertical.php 127.0.0.1 https://sdk.hnmengdou.com/floatwin_hb_h5/index.html https://sdk.hnmengdou.com/ https://dlhw.hnmengdou.com/appnews/article/ https://sdk.hnmengdou.com/floatwin/common/html/userbindidcard.html https://api.e.kuaishou.com/rest/config/client/v1/open/globalid https://opencloud.wostore.cn/authz/resource/html/disclaimer.html?fromsdk=true https://h.trace.qq.com/kv https://sdk.hnmengdou.com/v4.0/api/coupon.php https://sdk.hnmengdou.com/v4.0/api/init.php https://mobilegw.alipay.com/mgw.htm 10.0.0.172 https://api.e.kuaishou.com/rest/config/client/v1/open/sdkgatherconfig https://mdc.html5.qq.com/d/directdown.jsp?channel_id=11047 255.255.255.255 https://sdk.hnmengdou.com/v4.0/api/get_charge_list.php https://log.snssdk.com/service/2/app_log/ https://ad.partner.gifshow.com/api/v2/sdk/log?token=dee6172daef74f0895c7d185956ac0a7 https://mqqad.html5.qq.com/adjs https://slog.hnmengdou.com/api/statistics.php https://mobile.unionpay.com/getclient?platform=android&type=securepayplugin http://m.alipay.com/?action=h5quit https://sy.cl2m.cn https://applog.snssdk.com/service/2/app_log/ https://mobilegw.alipaydev.com/mgw.htm https://slog.hnmengdou.com/api/statis_role.php http://140.207.168.45/g/d https://sdk.hnmengdou.com/floatwin_hb/index.html https://e.189.cn/sdk/agreement/detail.do?hidetop=true 2.3.6.4 http://huangjun.dev.swiftpass.cn/ https://sysdk.cl2009.com www.cmpassport.com 2.0.2.9 https://toblog.ctobsnssdk.com/service/2/log_settings/ https://databyterangers.com.cn https://tobapplog.ctobsnssdk.com/service/2/app_log/ https://fs.cl2009.com/flash/thin/accountinit/v3 https://www.95516.com/portal/open/init.do?entry=open https://mclient.alipay.com/home/exterfaceassign.htm? https://log.snssdk.com/service/2/log_settings/ https://cfg.imtt.qq.com/tbs?v=2&mk= https://log.snssdk.com/service/2/device_register/ https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s https://sdk.hnmengdou.com/api/check_is_report_charge.php https://pms.mb.qq.com/rsp204 https://wappaygw.alipay.com/home/exterfaceassign.htm? https://slog.hnmengdou.com/ https://toblog-alink.ctobsnssdk.com/service/2/attribution_data https://toblog.volceapplog.com/service/2/log_settings/ https://sdk.hnmengdou.com/v4.0/h5page/h5api.php https://d.alipay.com https://sy.cl2m.cn/flash/accountinit/v4 https://mdc.html5.qq.com/d/directdown.jsp?channel_id=11041 file:unexpect https://wap.cmpassport.com/resources/html/contract.html https://mdc.html5.qq.com/d/directdown.jsp?channel_id=50079 https://mdc.html5.qq.com/mh?channel_id=50079&u= https://ichannel.snssdk.com/service/2/app_alert_check/ https://toblog-alink.ctobsnssdk.com/service/2/alink_data https://sy.cl2m.cn/flash/thin/accountinit/v3 https://sdk.hnmengdou.com/floatwin/common/html/wxofficialaccount.html http://zhifu.dev.swiftpass.cn/spay/notify https://h5.m.taobao.com/mlapp/olist.html https://toblog.ctobsnssdk.com/service/2/profile/ https://toblog.volceapplog.com/service/2/profile/ https://sdk.hnmengdou.com/v4.0/ https://slog.hnmengdou.com/api/sdk_click_report.php 224.0.0.1 https://alink.volceapplog.com/service/2/attribution_data http://mobilegw.stable.alipay.net/mgw.htm data::class.java.simplename https://api-e189.21cn.com/gw/client/accountmsg.do https://sdk.hnhuolang.com/api/protocol/hl_protocol.html?tab=1 https://debugx5.qq.com https://abtest.volceapplog.com/service/2/abtest_config/ https://debugtbs.qq.com https://toblog.ctobsnssdk.com/service/2/app_alert_check/ https://debugtbs.qq.com?10000 https://sysdk.cl2009.com/log/fdr/v3 https://alink.volceapplog.com/service/2/alink_data javascript:getwechatcode javascript:getwechatshare https://paya.swiftpass.cn/pay/gateway https://klink.volceapplog.com/service/2/device_register/ 140.207.168.45 https://klink.volceapplog.com/service/2/device_update https://log-api.oceanengine.com http://mobilegw-1-64.test.alipay.net/mgw.htm	自研引擎-S

Firebase配置检测

邮箱地址提取

EMAIL	源码文件
wftid@swiftpass.cn	com/switfpass/pay/utils/Constants.java
wftid@swiftpass.cn	自研引擎-S

第三方追踪器

名称	类别	网址
Bugly		https://reports.exodus-privacy.eu.org/trackers/190
Pangle	Advertisement	https://reports.exodus-privacy.eu.org/trackers/363
ThinkingData Analytics	Analytics, Identification	https://reports.exodus-privacy.eu.org/trackers/381

敏感凭证泄露

已显示 35 个secrets

1、凭证信息=> "ksAppId" : "80645"
2、凭证信息=> "LoginKey" : "ZNwmK2D6KeHWzdfp"
3、凭证信息=> "oneKeyID" : "jMZhmt7l"
4、 "lqgame_delete_normal_user" : "abc123456789"
5、 c9828b237c6349969247464c92185012
6、 64c2f89fdffa16729c9779f99562bc189d2ce4722ba0faedb11aa22d0d9db228fda
7、 kiG9w0BAQUFADCBqjELMAkGA0JFSUpJTkcxEDAOBgNVBAcMB0JFSUpJTkcxFjAUBgNVB
8、 861693111300f060355040713085368616e67686169311730
9、 b1ff56cef0e21c87260c63ce3ca868bf5974c14
10、 15060355040a130e4368696e6120556e696f6e50617931173015060355040b130e4
11、 54aa526e7a37d8ba2311a1d3d2ab79b3fbeaf3ebb9e7da9e7cdd9be1ae5a53595f47
12、 0f060355040713085368616e676861693117
13、 0a54b19a13b6712dc04d1b49215423d8
14、 92a864886f70d010101050003818d0030818902818100c42e6236d5054ffccaa
15、 1001a3e74c601e3beb1b7ae4f9ab2872a0aaf1dbc2cba89c7528cd
16、 891b9b2a1d867f95eefd537a56d4d805
17、 e94ddc285669ec06b8a405dd4341eac4ea7030203010001300d06092a864886f70d010105050003818
18、 0dc1c1c001c4d6c48241ce1ac41fd5a0
19、 8cc1d6ed5e1b2cc00489215aec3fc2eac008e767b0215981cb5e
20、 6e696f6e5061793111300f06035504031308556e696f6e5061
21、 3015060355040a130e4368696e6120556e696
22、 D75BB2802E61738A9A03BF014F927D9A
23、 dee6172daef74f0895c7d185956ac0a7
24、 d9255940da7b6cd07483f4b4243fd1825b2705
25、 3634385a3078310b300906035504061302383631
26、 f6e50617931173015060355040b130e4368696e6120556e696
27、 11300f060355040813085368616e67686169311130
28、 hjwg16Y0G83C18H9wpMLWi25KDSLyNLA2I509GQ5wydMj2qRYVHjf9fV7Xl9cfcFstlYsOtRAxdUcMOa0nkO1qhsbeEqirQRJmnW0Yub6Yar1FzfWJTlHutV43HJmd8E
29、 536C79B93ACFBEA950AE365D8CE1AEF91FEA9535
30、 89504e470d0a1a0a0000000d49484452000000210000003c0806000000e8acd32a000000097048597300000b1300000b1301009a9c1800000a4d6943435050686f746f73686f70204943432070726f66696c65000078da9d53775893f7163edff7650f5642d8f0b1976c81002223ac08c81059a21092006184101240c585880a561415119c4855c482d50a489d88e2a028b867418a885a8b555c38ee1fdca7b57d7aefededfbd7fbbce79ce7fcce79cf0f8011122691e6a26a003952853c3ad81f8f4f48c4c9bd80021548e0042010e6cbc26705c50000f00379787e74b03ffc01af6f00020070d52e2412c7e1ff83ba50265700209100e02212e70b01905200c82e54c81400c81800b053b3640a009400006c797c422200aa0d00ecf4493e0500d8a993dc1700d8a21ca908008d0100992847240240bb00605581522c02c0c200a0ac40222e04c0ae018059b632470280bd0500768e58900f4060008099422ccc0020380200431e13cd03204c03a030d2bfe0a95f7085b8480100c0cb95cd974bd23314b895d01a77f2f0e0e221e2c26cb142611729106609e4229c979b231348e7034cce0c00001af9d1c1fe383f90e7e6e4e1e666e76ceff4c5a2fe6bf06f223e21f1dffebc8c020400104ecfefda5fe5e5d60370c701b075bf6ba95b00da560068dff95d33db09a05a0ad07af98b7938fc401e9ea150c83c1d1c0a0b0bed2562a1bd30e38b3eff33e16fe08b7ef6fc401efedb7af000719a4099adc0a383fd71616e76ae528ee7cb0442316ef7e723fec7857ffd8e29d1e234b15c2c158af15889b850224dc779b952914421c995e212e97f32f11f96fd0993770d00ac864fc04eb607b5cb6cc07eee01028b0e58d27600407ef32d8c1a0b91001067343279f7000093bff98f402b0100cd97a4e30000bce8185ca894174cc608000044a0812ab041070cc114acc00e9cc11dbcc01702610644400c24c03c104206e4801c0aa11896411954c03ad804b5b0031aa0119ae110b4c131380de7e0125c81eb70170660189ec218bc86090441c8081361213a8811628ed822ce0817998e04226148349280a420e988145122c5c872a402a9426a915d4823f22d7214398d5c40fa90dbc820328afc8abc47319481b25103d4027540b9a81f1a8ac6a073d174340f5d8096a26bd11ab41e3d80b6a2a7d14be87574007d8a8e6380d1310e668cd9615c8c87456089581a26c71663e55835568f35631d583776151bc09e61ef0824028b8013ec085e8410c26c82909047584c5843a825ec23b412ba085709838431c2272293a84fb4257a12f9c478623ab1905846ac26ee211e219e255e270e135f9348240ec992e44e0a21259032490b496b48db482da453a43ed210699c4c26eb906dc9dee408b280ac209791b7900f904f92fbc9c3e4b7143ac588e24c09a22452a494124a35653fe504a59f324299a0aa51cda99ed408aa883a9f5a496da076502f5387a91334759a25cd9b1643cba42da3d5d09a696769f7682fe974ba09dd831e4597d097d26be807e9e7e983f4770c0d860d83c7486228196b197b19a718b7192f994ca605d39799c85430d7321b9967980f986f55582af62a7c1591ca12953a9556957e95e7aa545573553fd579aa0b54ab550fab5e567da64655b350e3a909d416abd5a91d55bba936aece5277528f50cf515fa3be5ffd82fa630db2868546a08648a35463b7c6198d2116c63265f15842d6725603eb2c6b984d625bb2f9ec4c7605fb1b762f7b4c534373aa66ac6691669de671cd010ec6b1e0f039d99c4ace21ce0dce7b2d032d3f2db1d66aad66ad7ead37da7adabeda62ed72ed16edebdaef75709d409d2c9df53a6d3af77509ba36ba51ba85badb75cfea3ed363eb79e909f5caf50ee9ddd147f56df4a3f517eaefd6efd11f373034083690196c313863f0cc9063e86b9869b8d1f084e1a811cb68ba91c468a3d149a327b826ee8767e33578173e66ac6f1c62ac34de65dc6b3c61626932dba4c4a4c5e4be29cd946b9a66bad1b4d374ccccc82cdcacd8acc9ec8e39d59c6b9e61bed9bcdbfc8d85a5459cc54a8b368bc796da967ccb05964d96f7ac98563e567956f556d7ac49d65ceb2ceb6dd6576c501b579b0c9b3a9bcbb6a8ad9badc4769b6ddf14e2148f29d229f5536eda31ecfcec0aec9aec06ed39f661f625f66df6cf1dcc1c121dd63b743b7c727475cc766c70bceba4e134c3a9c4a9c3e957671b67a1739df33517a64b90cb1297769717536da78aa76e9f7acb95e51aeebad2b5d3f5a39bbb9bdcadd96dd4ddcc3dc57dabfb4d2e9b1bc95dc33def41f4f0f758e271cce39da79ba7c2f390e72f5e765e595efbbd1e4fb39c269ed6306dc8dbc45be0bdcb7b603a3e3d65facee9033ec63e029f7a9f87bea6be22df3dbe237ed67e997e07fc9efb3bfacbfd8ff8bfe179f216f14e056001c101e501bd811a81b3036b031f049904a50735058d05bb062f0c3e15420c090d591f72936fc017f21bf96333dc672c9ad115ca089d155a1bfa30cc264c1ed6118e86cf08df107e6fa6f94ce9ccb60888e0476c88b81f69199917f97d14292a32aa2eea51b453747174f72cd6ace459fb67bd8ef18fa98cb93bdb6ab6727667ac6a6c526c63ec9bb880b8aab8817887f845f1971274132409ed89e4c4d8c43d89e37302e76c9a339ce49a54967463aee5dca2b917e6e9cecb9e773c593559907c3885981297b23fe5832042502f184fe5a76e4d1d13f2849b854f45bea28da251b1b7b84a3c92e69d5695f638dd3b7d43fa68864f4675c633094f522b79911992b923f34d5644d6deaccfd971d92d39949c949ca3520d6996b42bd730b728b74f662b2b930de479e66dca1b9387caf7e423f973f3db156c854cd1a3b452ae500e164c2fa82b785b185b78b848bd485ad433df66feeaf9230b82167cbd90b050b8b0b3d8b87859f1e022bf45bb16238b5317772e315d52ba647869f0d27dcb68cbb296fd50e2585255f26a79dcf28e5283d2a5a5432b82573495a994c9cb6eaef45ab9631561956455ef6a97d55b567f2a17955fac70aca8aef8b046b8e6e2574e5fd57cf5796ddadade4ab7caedeb48eba4eb6eacf759bfaf4abd6a41d5d086f00dad1bf18de51b5f6d4ade74a17a6af58ecdb4cdcacd03356135ed5bccb6acdbf2a136a3f67a9d7f5dcb56fdadabb7bed926dad6bfdd777bf30e831d153bdeef94ecbcb52b78576bbd457df56ed2ee82dd8f1a621bbabfe67eddb847774fc59e8f7ba57b07f645efeb6a746f6cdcafbfbfb2096d52368d1e483a70e59b806fda9bed9a77b5705a2a0ec241e5c127dfa67c7be350e8a1cec3dcc3cddf997fb7f508eb48792bd23abf75ac2da36da03da1bdefe88ca39d1d5e1d47beb7ff7eef31e36375c7358f579ea09d283df1f9e48293e3a764a79e9d4e3f3dd499dc79f74cfc996b5d515dbd6743cf9e3f1774ee4cb75ff7c9f3dee78f5df0bc70f422f762db25b74bad3dae3d477e70fde148af5b6feb65f7cbed573cae74f44deb3bd1efd37ffa6ac0d573d7f8d72e5d9f79bdefc6ec1bb76e26dd1cb825baf5f876f6ed17770aee4cdc5d7a8f78affcbedafdea07fa0fea7fb4feb165c06de0f860c060cfc3590fef0e09879efe94ffd387e1d247cc47d52346238d8f9d1f1f1b0d1abdf264ce93e1a7b2a713cfca7e56ff79eb73abe7dffde2fb4bcf58fcd8f00bf98bcfbfae79a9f372efaba9af3ac723c71fbcce793df1a6fcadcedb7defb8efbadfc7bd1f9928fc40fe50f3d1fa63c7a7d04ff73ee77cfefc2ff784f3fb25d29f33000000206348524d00007a25000080830000f9ff000080e9000075300000ea6000003a980000176f925fc546000002744944415478dabcd9c96b145110c7f1d734b6c9b8ef8a0b2e410cfe77826741100441c48324a006040f8a08828a8a102689c11d238a3b8a0b060feaf7e8e979e9816178f57a7b5587390df47c86ee7e55f52b0738c3cf3ae01af00f580226bdf7ce1af010f0439fbe25622db03802f0c02f2bc41a602100f0c094056215302f00ee0063da881ed01700f78071c069227ac0ac00b85f7eef3411bdf2874280d9618016621cb82b00faa3000dc4caf2610b01e6cb87d469220ae0b60058285f53a78928809b0260b13c299d26a2006e0880475580148802b82e009ed4017445ac28ab6108f014585ff75a6d11397055003c073636b95e1b440e5c11002f804d4dff5453440e5c16004bc09636b7b60922072e0980576d014d10393023005e035bbbbce6751019704100bc01b6753decaa1019705e00bc0576a438f263880c981200ef819da90a9f84c8807302e003b02b65f90f2132e0ac00f804ec4edd0485106704c067608f462b388a382d00be007bb51ae261c42901f015d8a739160c104705c037e080f6703440fc0900be03131623e200f137342302872d114784dbb10c4c5a211c704c80fc040e59211c705c80fc000e5a211c704280a83da852ed3869f9cac6aa68ecf0da6f85303bc6eb7456ea05ad6e7ba75adaeb36bab126e763d726a749cb9f01d31aed5ed3e127d6f8be6bdbf8b6190333e0626404d86e81483e0c758906928d855d4392d880fcb22e24455c5415156cb640740e4d524688b1f8e819b0c102d13a48d388956391e2e310442b602f805b75c355cd55432c667e50aea3d4110e18ab08dc575b20aa560f7340cf6a11175bc24c5bae24a575d4b2f57236b4989bb3460c569433c0ef1234e1bd77ff070038285c304da61b3c0000000049454e44ae426082
31、 f6e5061793111300f06035504031308556e696f6e50617930819f300d060
32、 0000000023456789abcdef12123456786789abcd
33、 b1fdf62b0f540fca5458b063af9354925a6c3505a18ff164b6b195f6e517eaee1fb783
34、 08eb9b5c67474d027fa03ce35109b11604083ab6bb4df2c46240f879f
35、 9d101c97133837e13dde2d32a5054abb

字符串信息

建议导出为TXT，方便查看。

活动列表

显示 24 个 activities

服务列表

显示 4 个 services

广播接收者列表

显示 3 个 receivers

内容提供者列表

显示 1 个 providers

1 . androidx.core.content.FileProvider

第三方SDK

SDK名称	开发者	描述信息
MSA SDK	移动安全联盟	移动智能终端补充设备标识体系统一调用 SDK 由中国信息通信研究院泰尔终端实验室、移动安全联盟整合提供，知识产权归中国信息通信研究院所有。
Bugly	Tencent	腾讯 Bugly，为移动开发者提供专业的异常上报和运营统计，帮助开发者快速发现并解决异常，同时掌握产品运营动态，及时跟进用户反馈。
极光认证 SDK	极光	极光认证整合了三大运营商的网关认证能力，为开发者提供了一键登录和号码认证功能，优化用户注册/登录、号码验证的体验，提高安全性。
闪验 SDK	创蓝云智	闪验整合三大运营商，支持国内三网手机号段，Android/iOS 手机，可通过一键获取用户手机号的 SDK 产品，建立以手机号码作为去中心化的开放账号体系，提升注册转换效率的必备功能。
支付宝 SDK	Alipay	支付宝开放平台基于支付宝海量用户，将强大的支付、营销、数据能力，通过接口等形式开放给第三方合作伙伴，帮助第三方合作伙伴创建更具竞争力的应用。
DataFinder	Volcengine	基于灵活高效的分析模型，发现用户行为数据的价值，进而转化为促进增长的行动。
移动号码认证	中国移动	号码认证能力提供一键登录、本机号码校验服务。
File Provider	Android	FileProvider 是 ContentProvider 的特殊子类，它通过创建 content://Uri 代替 file:///Uri 以促进安全分享与应用程序关联的文件。
FileDownloader	LingoChamp	Android 文件下载引擎，稳定、高效、灵活、简单易用。

文件列表

污点分析

当apk较大时，代码量会很大，造成数据流图（ICFG）呈现爆炸式增长，所以该功能比较耗时，请先喝杯咖啡，耐心等待……

规则名称	描述信息	操作
病毒分析	使用安卓恶意软件常用的API进行污点分析	开始分析
漏洞挖掘	漏洞挖掘场景下的污点分析	开始分析
隐私合规	隐私合规场景下的污点分析：组件内污点传播、组件间污点传播、组件与库函数之间的污点传播	开始分析
密码分析	分析加密算法是否使用常量密钥、静态初始化的向量（IV）、加密模式是否使用ECB等	开始分析
Callback	因为Android中系统级的Callback并不会出现显式地进行回调方法的调用，所以如果需要分析Callback方法需要在声明文件中将其声明，这里提供一份AndroidCallbacks.txt文件，里面是一些常见的原生回调接口或类，如果有特殊接口需求，可以联系管理员	开始分析