温馨提示:本平台仅供研究软件风险、安全评估,禁止用于非法用途。由于展示的数据过于全面,请耐心等待加载完成。如有疑问或建议, 可加入我们的微信群讨论

APP评分

病毒检测 19 个厂商报毒

安全评分

文件信息

文件名称 luolilaile289.apk
文件大小 32.03MB
MD5 6055c21e001561c5b114d0da5b392fcb
SHA1 4f03ad952f34eb2111aec11ee0b24ea707a54a8c
SHA256 ed25dc64294f3c65abc1be29ab3342bb45a667e8c4df6134395f48c6ea3bb46b

应用信息

应用名称 萝莉来了
包名 com.gamegoo.loligo.chukong
主活动 com.gamegoo.loligo.vampire
目标SDK 8     最小SDK 8
版本号 1.2.1     子版本号 50
加固信息 未加壳

组件导出信息

查看
查看
查看
查看

扫描选项

重新扫描 管理规则 开始动态分析

反编译代码

Manifest文件 查看
APK文件 下载
Java源代码 查看 -- 下载

证书信息 

二进制文件已签名
v1 签名: True
v2 签名: False
v3 签名: False
v4 签名: False
主题: C=cn, ST=BeiJing, L=BeiJing, O=youxigu, OU=youxigu, CN=chukong
签名算法: rsassa_pkcs1v15
有效期自: 2013-09-04 12:42:30+00:00
有效期至: 2041-01-20 12:42:30+00:00
发行人: C=cn, ST=BeiJing, L=BeiJing, O=youxigu, OU=youxigu, CN=chukong
序列号: 0x52272ab6
哈希算法: sha1
证书MD5: e2785ff72d235dabefddf22efe4337c8
证书SHA1: 8c39d8b6bd0b78bdf2ce12515982a7592fc8fe59
证书SHA256: 8eac24085ee01033f2516f9c75d26a60589fab7039fe66534569deaf8c91c159
证书SHA512: f3e99da7101a64159a54462221d2e45539cae473b7ccaae16bda823316554cc24e3810f6ee3d82b7888c6b2f77e75f414f2db09d1b80f53a0a0ba545946c0f50
找到 1 个唯一证书

应用程序权限

权限名称 安全等级 权限内容 权限描述 关联代码
android.permission.INTERNET 危险 完全互联网访问 允许应用程序创建网络套接字。
android.permission.READ_PHONE_STATE 危险 读取手机状态和标识 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。
android.permission.ACCESS_FINE_LOCATION 危险 获取精确位置 通过GPS芯片接收卫星的定位信息,定位精度达10米以内。恶意程序可以用它来确定您所在的位置。
android.permission.ACCESS_COARSE_LOCATION 危险 获取粗略位置 通过WiFi或移动基站的方式获取用户错略的经纬度信息,定位精度大概误差在30~1500米。恶意程序可以用它来确定您的大概位置。
android.permission.MODIFY_AUDIO_SETTINGS 危险 允许应用修改全局音频设置 允许应用程序修改全局音频设置,如音量。多用于消息语音功能。
android.permission.WRITE_EXTERNAL_STORAGE 危险 读取/修改/删除外部存储内容 允许应用程序写入外部存储。
android.permission.ACCESS_WIFI_STATE 普通 查看Wi-Fi状态 允许应用程序查看有关Wi-Fi状态的信息。
android.permission.ACCESS_NETWORK_STATE 普通 获取网络状态 允许应用程序查看所有网络的状态。
android.permission.WRITE_APN_SETTINGS 危险 写入访问点名称设置 允许应用程序写入访问点名称设置。
android.permission.CHANGE_WIFI_STATE 危险 改变Wi-Fi状态 允许应用程序改变Wi-Fi状态。
android.permission.VIBRATE 普通 控制振动器 允许应用程序控制振动器,用于消息通知振动功能。
android.permission.RECORD_AUDIO 危险 获取录音权限 允许应用程序获取录音权限。
android.permission.WRITE_CONTACTS 危险 写入联系人信息 允许应用程序修改您手机上存储的联系人(地址)数据。恶意应用程序可借此清除或修改您的联系人数据。
android.permission.READ_CONTACTS 危险 读取联系人信息 允允许应用程序读取您手机上存储的所有联系人(地址)数据。恶意应用程序可借此将您的数据发送给其他人。
android.permission.GET_ACCOUNTS 普通 探索已知账号 允许应用程序访问帐户服务中的帐户列表。
android.permission.RESTART_PACKAGES 普通 重启进程 允许程序自己重启或重启其他程序
android.permission.MOUNT_UNMOUNT_FILESYSTEMS 危险 装载和卸载文件系统 允许应用程序装载和卸载可移动存储器的文件系统。
android.permission.SEND_SMS 危险 发送短信 允许应用程序发送短信。恶意应用程序可能会不经您的确认就发送信息,给您带来费用。

证书分析

高危
1
警告
0
信息
1
标题 严重程度 描述信息
已签名应用 信息 应用程序已使用代码签名证书进行签名
应用程序存在Janus漏洞 高危 应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。

MANIFEST分析

高危
0
警告
8
信息
0
屏蔽
0
序号 问题 严重程度 描述信息 操作
1 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 2.2-2.2.3, [minSdk=8] 		信息 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
对应用 com.gamegoo.loligo.chukong 禁止使用 vulnerable_os_version 规则
2 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 		警告 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
对应用 com.gamegoo.loligo.chukong 禁止使用 allowbackup_not_set 规则
3 Service (cn.iyd.iydpay_apk.PunchboxService) 未被保护。
存在一个intent-filter。 		警告 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
对应用 com.gamegoo.loligo.chukong 禁止使用 service_exported_intent_filter_exists 规则
4 Activity (com.unionpay.upomp.lthj.plugin.ui.SplashActivity) 未被保护。
存在一个intent-filter。 		警告 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
对应用 com.gamegoo.loligo.chukong 禁止使用 activity_exported_intent_filter_exists 规则
5 Activity (com.unionpay.upomp.lthj.plugin.ui.IndexActivityGroup) 未被保护。
存在一个intent-filter。 		警告 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
对应用 com.gamegoo.loligo.chukong 禁止使用 activity_exported_intent_filter_exists 规则
6 Service (joy.sdk.JoyService) 未被保护。
存在一个intent-filter。 		警告 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
对应用 com.gamegoo.loligo.chukong 禁止使用 service_exported_intent_filter_exists 规则
7 Broadcast Receiver (.AppRegister) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.tencent.mm.plugin.permission.SEND
[android:exported=true] 		警告 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
对应用 com.gamegoo.loligo.chukong 禁止使用 receiver_exported_protected_permission_not_defined 规则
8 Broadcast Receiver (.AppRegister) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.tencent.mm.plugin.permission.SEND
[android:exported=true] 		警告 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
对应用 com.gamegoo.loligo.chukong 禁止使用 receiver_exported_protected_permission_not_defined 规则
9 高优先级的Intent (1000)
[android:priority] 		警告 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
对应用 com.gamegoo.loligo.chukong 禁止使用 high_intent_priority_found 规则

可浏览的ACTIVITIES

ACTIVITY INTENT

网络安全配置

序号 范围 严重级别 描述

API调用分析

API功能 源码文件
一般功能-> 文件操作
cn/cmgame/billing/a/a.java
cn/cmgame/billing/a/c.java
cn/cmgame/billing/a/j.java
cn/cmgame/billing/api/a.java
cn/cmgame/billing/util/b.java
cn/cmgame/sdk/a/c.java
cn/cmgame/sdk/a/d.java
cn/cmgame/sdk/a/e.java
cn/cmgame/sdk/a/g.java
cn/cmgame/sdk/a/i.java
cn/cmgame/sdk/a/j.java
cn/cmgame/sdk/a/l.java
cn/cmgame/sdk/a/m.java
cn/cmgame/sdk/c/a.java
cn/cmgame/sdk/e/a.java
cn/cmgame/sdk/e/d.java
cn/cmgame/sdk/e/h.java
cn/cmgame/sdk/e/i.java
cn/cmgame/sdk/network/b.java
cn/iyd/iydpay_apk/HuafubaoHelper.java
cn/iyd/iydpay_apk/IydCfg.java
cn/iyd/iydpay_apk/IydHelper.java
cn/iyd/iydpay_apk/IydNet.java
cn/iyd/iydpay_apk/IydpayActivity.java
cn/iyd/iydpay_apk/IydpayUser.java
cn/iyd/iydpay_apk/NetworkManager.java
cn/iyd/iydpay_apk/UnionPayResult.java
cn/iyd/pay/alipay/BaseHelper.java
cn/iyd/pay/alipay/MobileSecurePayHelper.java
cn/iyd/pay/alipay/NetworkManager.java
com/ccit/mmwlan/MMClientSDK_ForPad.java
com/ccit/mmwlan/a/d.java
com/ccit/mmwlan/a/e.java
com/ccit/mmwlan/a/f.java
com/ccit/mmwlan/a/g.java
com/ccit/mmwlan/a/h.java
com/ccit/mmwlan/b/b.java
com/ccit/mmwlan/phone/c.java
com/ccit/mmwlan/phone/d.java
com/egame/utils/PreferenceUtil.java
com/egame/webfee/common/Base64Decoder.java
com/egame/webfee/common/Base64Encoder.java
com/egame/webfee/common/FileHelper.java
com/flurry/android/FlurryAgent.java
com/flurry/android/InstallReceiver.java
com/flurry/android/ac.java
com/flurry/android/ah.java
com/flurry/android/aq.java
com/flurry/android/at.java
com/flurry/android/bb.java
com/flurry/android/bc.java
com/flurry/android/bl.java
com/flurry/android/bo.java
com/flurry/android/k.java
com/flurry/org/codehaus/jackson/JsonFactory.java
com/flurry/org/codehaus/jackson/JsonGenerator.java
com/flurry/org/codehaus/jackson/JsonLocation.java
com/flurry/org/codehaus/jackson/JsonNode.java
com/flurry/org/codehaus/jackson/JsonParser.java
com/flurry/org/codehaus/jackson/JsonProcessingException.java
com/flurry/org/codehaus/jackson/ObjectCodec.java
com/flurry/org/codehaus/jackson/PrettyPrinter.java
com/flurry/org/codehaus/jackson/format/DataFormatDetector.java
com/flurry/org/codehaus/jackson/format/DataFormatMatcher.java
com/flurry/org/codehaus/jackson/format/InputAccessor.java
com/flurry/org/codehaus/jackson/impl/ByteSourceBootstrapper.java
com/flurry/org/codehaus/jackson/impl/Indenter.java
com/flurry/org/codehaus/jackson/impl/JsonGeneratorBase.java
com/flurry/org/codehaus/jackson/impl/JsonParserBase.java
com/flurry/org/codehaus/jackson/impl/JsonParserMinimalBase.java
com/flurry/org/codehaus/jackson/impl/ReaderBasedParser.java
com/flurry/org/codehaus/jackson/impl/ReaderBasedParserBase.java
com/flurry/org/codehaus/jackson/impl/StreamBasedParserBase.java
com/flurry/org/codehaus/jackson/impl/Utf8Generator.java
com/flurry/org/codehaus/jackson/impl/Utf8StreamParser.java
com/flurry/org/codehaus/jackson/impl/WriterBasedGenerator.java
com/flurry/org/codehaus/jackson/io/BaseReader.java
com/flurry/org/codehaus/jackson/io/InputDecorator.java
com/flurry/org/codehaus/jackson/io/MergedStream.java
com/flurry/org/codehaus/jackson/io/OutputDecorator.java
com/flurry/org/codehaus/jackson/io/SegmentedStringWriter.java
com/flurry/org/codehaus/jackson/io/UTF32Reader.java
com/flurry/org/codehaus/jackson/io/UTF8Writer.java
com/flurry/org/codehaus/jackson/map/DeserializationContext.java
com/flurry/org/codehaus/jackson/map/DeserializationProblemHandler.java
com/flurry/org/codehaus/jackson/map/JsonDeserializer.java
com/flurry/org/codehaus/jackson/map/JsonMappingException.java
com/flurry/org/codehaus/jackson/map/JsonSerializable.java
com/flurry/org/codehaus/jackson/map/JsonSerializableWithType.java
com/flurry/org/codehaus/jackson/map/JsonSerializer.java
com/flurry/org/codehaus/jackson/map/KeyDeserializer.java
com/flurry/org/codehaus/jackson/map/MappingIterator.java
com/flurry/org/codehaus/jackson/map/MappingJsonFactory.java
com/flurry/org/codehaus/jackson/map/ObjectMapper.java
com/flurry/org/codehaus/jackson/map/ObjectReader.java
com/flurry/org/codehaus/jackson/map/ObjectWriter.java
com/flurry/org/codehaus/jackson/map/SerializerProvider.java
com/flurry/org/codehaus/jackson/map/TypeDeserializer.java
com/flurry/org/codehaus/jackson/map/TypeSerializer.java
com/flurry/org/codehaus/jackson/map/deser/AbstractDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/BeanDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/JsonNodeDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/SettableAnyProperty.java
com/flurry/org/codehaus/jackson/map/deser/SettableBeanProperty.java
com/flurry/org/codehaus/jackson/map/deser/StdDeserializationContext.java
com/flurry/org/codehaus/jackson/map/deser/StdDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/StdDeserializerProvider.java
com/flurry/org/codehaus/jackson/map/deser/ValueInstantiator.java
com/flurry/org/codehaus/jackson/map/deser/impl/CreatorProperty.java
com/flurry/org/codehaus/jackson/map/deser/impl/ExternalTypeHandler.java
com/flurry/org/codehaus/jackson/map/deser/impl/PropertyBasedCreator.java
com/flurry/org/codehaus/jackson/map/deser/impl/PropertyValue.java
com/flurry/org/codehaus/jackson/map/deser/impl/UnwrappedPropertyHandler.java
com/flurry/org/codehaus/jackson/map/deser/impl/ValueInjector.java
com/flurry/org/codehaus/jackson/map/deser/std/AtomicBooleanDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/AtomicReferenceDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/BaseNodeDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/CalendarDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/ClassDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/CollectionDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/DateDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/EnumDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/EnumMapDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/EnumSetDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/FromStringDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/JavaTypeDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/JsonNodeDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/MapDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/ObjectArrayDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/PrimitiveArrayDeserializers.java
com/flurry/org/codehaus/jackson/map/deser/std/StdDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/StdKeyDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/StdScalarDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/StdValueInstantiator.java
com/flurry/org/codehaus/jackson/map/deser/std/StringCollectionDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/StringDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/ThrowableDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/TimestampDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/TokenBufferDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/UntypedObjectDeserializer.java
com/flurry/org/codehaus/jackson/map/ext/CoreXMLDeserializers.java
com/flurry/org/codehaus/jackson/map/ext/CoreXMLSerializers.java
com/flurry/org/codehaus/jackson/map/ext/DOMDeserializer.java
com/flurry/org/codehaus/jackson/map/ext/DOMSerializer.java
com/flurry/org/codehaus/jackson/map/ext/JodaDeserializers.java
com/flurry/org/codehaus/jackson/map/ext/JodaSerializers.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/AsArrayTypeDeserializer.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/AsArrayTypeSerializer.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/AsExternalTypeSerializer.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/AsPropertyTypeDeserializer.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/AsPropertyTypeSerializer.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/AsWrapperTypeDeserializer.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/AsWrapperTypeSerializer.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/TypeDeserializerBase.java
com/flurry/org/codehaus/jackson/map/ser/BeanSerializer.java
com/flurry/org/codehaus/jackson/map/ser/StdSerializerProvider.java
com/flurry/org/codehaus/jackson/map/ser/StdSerializers.java
com/flurry/org/codehaus/jackson/map/ser/impl/FailingSerializer.java
com/flurry/org/codehaus/jackson/map/ser/impl/UnknownSerializer.java
com/flurry/org/codehaus/jackson/map/ser/impl/UnwrappingBeanSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/AsArraySerializerBase.java
com/flurry/org/codehaus/jackson/map/ser/std/BeanSerializerBase.java
com/flurry/org/codehaus/jackson/map/ser/std/CalendarSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/CollectionSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/DateSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/EnumMapSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/EnumSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/EnumSetSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/IndexedStringListSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/InetAddressSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/IterableSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/JsonValueSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/MapSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/NonTypedScalarSerializerBase.java
com/flurry/org/codehaus/jackson/map/ser/std/NullSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/ObjectArraySerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/RawSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/ScalarSerializerBase.java
com/flurry/org/codehaus/jackson/map/ser/std/SerializableSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/SerializableWithTypeSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/SerializerBase.java
com/flurry/org/codehaus/jackson/map/ser/std/StdArraySerializers.java
com/flurry/org/codehaus/jackson/map/ser/std/StdContainerSerializers.java
com/flurry/org/codehaus/jackson/map/ser/std/StdJdkSerializers.java
com/flurry/org/codehaus/jackson/map/ser/std/StdKeySerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/StdKeySerializers.java
com/flurry/org/codehaus/jackson/map/ser/std/StringCollectionSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/StringSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/TimeZoneSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/ToStringSerializer.java
com/flurry/org/codehaus/jackson/map/ser/std/TokenBufferSerializer.java
com/flurry/org/codehaus/jackson/map/type/TypeBase.java
com/flurry/org/codehaus/jackson/map/util/JSONPObject.java
com/flurry/org/codehaus/jackson/map/util/JSONWrappedObject.java
com/flurry/org/codehaus/jackson/node/ArrayNode.java
com/flurry/org/codehaus/jackson/node/BaseJsonNode.java
com/flurry/org/codehaus/jackson/node/BigIntegerNode.java
com/flurry/org/codehaus/jackson/node/BinaryNode.java
com/flurry/org/codehaus/jackson/node/BooleanNode.java
com/flurry/org/codehaus/jackson/node/DecimalNode.java
com/flurry/org/codehaus/jackson/node/DoubleNode.java
com/flurry/org/codehaus/jackson/node/IntNode.java
com/flurry/org/codehaus/jackson/node/LongNode.java
com/flurry/org/codehaus/jackson/node/MissingNode.java
com/flurry/org/codehaus/jackson/node/NullNode.java
com/flurry/org/codehaus/jackson/node/ObjectNode.java
com/flurry/org/codehaus/jackson/node/POJONode.java
com/flurry/org/codehaus/jackson/node/TextNode.java
com/flurry/org/codehaus/jackson/node/TreeTraversingParser.java
com/flurry/org/codehaus/jackson/node/ValueNode.java
com/flurry/org/codehaus/jackson/util/ByteArrayBuilder.java
com/flurry/org/codehaus/jackson/util/DefaultPrettyPrinter.java
com/flurry/org/codehaus/jackson/util/JsonGeneratorDelegate.java
com/flurry/org/codehaus/jackson/util/JsonParserDelegate.java
com/flurry/org/codehaus/jackson/util/JsonParserSequence.java
com/flurry/org/codehaus/jackson/util/MinimalPrettyPrinter.java
com/flurry/org/codehaus/jackson/util/TokenBuffer.java
com/flurry/org/codehaus/jackson/util/VersionUtil.java
com/gamegoo/loligo/share/AccessTokenKeeper.java
com/gamegoo/loligo/share/ShareSina.java
com/gamegoo/loligo/wxapi/ShareToWeixin.java
com/gamegoo/loligo/wxapi/WXEntryActivity.java
com/infinit/MultimodeBilling/tools/PhoneInfoTools.java
com/infinit/MultimodeBilling/tools/Utilities.java
com/infinit/MultimodeBilling/xmlParser/XMLUtil.java
com/infinit/multimode_billig/log/LogSocket.java
com/infinit/multimode_billig/log/LogUtils.java
com/infinit/multimode_billing5/net/AsyncMultimode.java
com/infinit/multimode_billing5/net/HttpNet.java
com/infinit/multimode_billing_vac/ui/IlIllIlIlIIlIIll.java
com/infinit/multimode_billing_vac/ui/IlllllIlIIIIlIlI.java
com/infinit/multimode_billing_vac/ui/MultiModePay.java
com/infinit/multimode_billing_vac/ui/PVacEnSureDialog.java
com/infinit/multimode_billing_vac/ui/PVacEnsureOneDialog.java
com/infinit/multimode_billing_vac/ui/VacEnSureDialog.java
com/infinit/multimode_billing_vac/ui/VacEnsureOneDialog.java
com/infinit/multimode_billing_vac/ui/VacPayFailDialog.java
com/infinit/multimode_billing_vac/ui/llIIlllIIlIIlIll.java
com/lthj/unipay/plugin/ak.java
com/lthj/unipay/plugin/as.java
com/lthj/unipay/plugin/at.java
com/lthj/unipay/plugin/ay.java
com/lthj/unipay/plugin/bs.java
com/lthj/unipay/plugin/cp.java
com/lthj/unipay/plugin/ct.java
com/lthj/unipay/plugin/cv.java
com/lthj/unipay/plugin/dg.java
com/lthj/unipay/plugin/di.java
com/lthj/unipay/plugin/j.java
com/mrseven/payment/BaseHelper.java
com/mrseven/payment/MobileSecurePayHelper.java
com/punchbox/hailstone/HSDataCache.java
com/punchbox/hailstone/HSDataStat.java
com/punchbox/hailstone/a/a.java
com/tencent/mm/algorithm/MD5.java
com/unicom/errormsg/ErrorMsgHttpRequest.java
com/unicom/errormsg/SqliteUtils.java
com/unicom/errormsg/llIlIllIIlllIlll.java
com/unionpay/upomp/lthj/plugin/ui/SplashActivity.java
com/weibo/sdk/android/WeiboDialog.java
com/weibo/sdk/android/net/HttpManager.java
com/weibo/sdk/android/net/RequestListener.java
com/weibo/sdk/android/util/BitmapHelper.java
com/weibo/sdk/android/util/Utility.java
com/zte/appstore/common/tool/crypt/Base64.java
com/zte/appstore/common/tool/crypt/CryptUtil.java
joy/JoyTextInput.java
joy/cocos2dx/lib/Cocos2dxHelper.java
joy/cocos2dx/lib/Cocos2dxMusic.java
joy/sdk/ContactAccessorSdk5.java
joy/sdk/JoyAudioLib.java
joy/sdk/JoyCamera.java
joy/sdk/JoyCapture.java
joy/sdk/JoyDevice.java
joy/sdk/JoyDirectoryManager.java
joy/sdk/JoyExifHelper.java
joy/sdk/JoyFileUtils.java
joy/sdk/JoyGetFriendByPhone.java
joy/sdk/JoyMedia.java
mm/purchasesdk/a/b.java
mm/purchasesdk/a/c.java
mm/purchasesdk/a/d.java
mm/purchasesdk/b/c.java
mm/purchasesdk/b/d.java
mm/purchasesdk/d/a.java
mm/purchasesdk/e/a.java
mm/purchasesdk/f/d.java
mm/purchasesdk/f/e.java
mm/purchasesdk/fingerprint/a.java
mm/purchasesdk/fingerprint/c.java
mm/purchasesdk/g/a.java
mm/purchasesdk/g/b.java
mm/purchasesdk/g/c.java
mm/purchasesdk/g/d.java
mm/purchasesdk/g/g.java
mm/purchasesdk/g/h.java
mm/purchasesdk/j/b.java
mm/purchasesdk/j/c.java
mm/purchasesdk/k/e.java
mm/purchasesdk/k/f.java
mm/purchasesdk/k/g.java
mm/purchasesdk/ui/aa.java
mm/purchasesdk/ui/y.java
org/cocos2dx/a/a.java
org/cocos2dx/a/b.java
org/cocos2dx/a/c.java
org/cocos2dx/a/d.java
org/cocos2dx/a/g.java
org/cocos2dx/c/a.java
org/cocos2dx/d/b.java
org/cocos2dx/d/c.java
org/cocos2dx/lib/Cocos2dxHelper.java
一般功能-> 获取系统服务(getSystemService)
cn/cmgame/billing/api/a.java
cn/cmgame/sdk/e/e.java
cn/cmgame/sdk/e/h.java
cn/cmgame/sdk/network/a.java
cn/cmgame/sdk/sms/b.java
cn/iyd/iydpay_apk/IydNet.java
cn/iyd/iydpay_apk/Iydpay.java
cn/iyd/iydpay_apk/IydpayActivity.java
cn/iyd/iydpay_apk/IydpayUser.java
cn/iyd/iydpay_apk/NetworkManager.java
cn/iyd/iydpay_apk/system.java
cn/iyd/pay/alipay/NetworkManager.java
com/ccit/mmwlan/MMClientSDK_ForPad.java
com/ccit/mmwlan/b/a.java
com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java
com/egame/utils/DialogUtil.java
com/egame/utils/EgameDeviceUtils.java
com/egame/utils/Utils.java
com/egame/webfee/common/Urls.java
com/flurry/android/FlurryAgent.java
com/flurry/android/bo.java
com/gamegoo/loligo/util/Tutil.java
com/gamegoo/loligo/vampire.java
com/infinit/MultimodeBilling/tools/PhoneInfoTools.java
com/infinit/multimode_billig/log/LogNet.java
com/iyd/iydtelephoneinfo/Hisense.java
com/iyd/iydtelephoneinfo/MtkPhoneInfo.java
com/iyd/iydtelephoneinfo/PhoneInfo.java
com/iyd/iydtelephoneinfo/ZhanXun.java
com/lthj/unipay/plugin/aa.java
com/lthj/unipay/plugin/at.java
com/lthj/unipay/plugin/ay.java
com/lthj/unipay/plugin/f.java
com/lthj/unipay/plugin/j.java
com/punchbox/hailstone/a/a.java
com/unicom/errormsg/SqliteUtils.java
com/unionpay/upomp/lthj/plugin/ui/KeyboardDialog.java
com/unionpay/upomp/lthj/plugin/ui/PayActivity.java
com/weibo/sdk/android/net/NetStateManager.java
com/weibo/sdk/android/util/Utility.java
joy/JoyTextInput.java
joy/cocos2dx/lib/Cocos2dxAccelerometer.java
joy/cocos2dx/lib/Cocos2dxEditBoxDialog.java
joy/cocos2dx/lib/Cocos2dxGLSurfaceView.java
joy/cocos2dx/lib/Cocos2dxTextInputWraper.java
joy/sdk/JoyAccelerometer.java
joy/sdk/JoyCapture.java
joy/sdk/JoyClient.java
joy/sdk/JoyCompass.java
joy/sdk/JoyDevice.java
joy/sdk/JoyGeolocation.java
joy/sdk/JoyNetworkManager.java
joy/sdk/JoyNotification.java
joy/sdk/JoyService.java
mm/purchasesdk/c/a.java
mm/purchasesdk/k/d.java
mm/purchasesdk/k/g.java
org/cocos2dx/d/c.java
org/cocos2dx/lib/Cocos2dxAccelerometer.java
org/cocos2dx/lib/Cocos2dxEditBoxDialog.java
org/cocos2dx/lib/Cocos2dxGLSurfaceView.java
org/cocos2dx/lib/Cocos2dxTextInputWraper.java
隐私数据-> 录制视频 joy/sdk/JoyCapture.java
一般功能-> IPC通信
cn/cmgame/billing/api/a.java
cn/cmgame/billing/ui/GameOpenActivity.java
cn/cmgame/billing/ui/OpeningAnimation.java
cn/cmgame/billing/ui/a.java
cn/cmgame/sdk/e/h.java
cn/cmgame/sdk/network/NetworkChangeReceiver.java
cn/cmgame/sdk/sms/SmsSendCallback.java
cn/cmgame/sdk/sms/a.java
cn/cmgame/sdk/sms/b.java
cn/iyd/iydpay_apk/HuafubaoHelper.java
cn/iyd/iydpay_apk/IPay.java
cn/iyd/iydpay_apk/IydpayActivity.java
cn/iyd/iydpay_apk/IydpayService.java
cn/iyd/iydpay_apk/PunchboxService.java
cn/iyd/pay/alipay/MobileSecurePayHelper.java
cn/iyd/pay/alipay/MobileSecurePayer.java
com/alipay/android/app/IAliPay.java
com/alipay/android/app/IAlixPay.java
com/alipay/android/app/IRemoteServiceCallback.java
com/ccit/mmwlan/b/a.java
com/egame/webfee/SmsBroadcastReceiver.java
com/egame/webfee/task/SmsFeeTask.java
com/flurry/android/FlurryAgent.java
com/flurry/android/FlurryFullscreenTakeoverActivity.java
com/flurry/android/InstallReceiver.java
com/flurry/android/ac.java
com/flurry/android/ap.java
com/flurry/android/ax.java
com/flurry/android/bk.java
com/flurry/android/bo.java
com/flurry/android/c.java
com/gamegoo/loligo/vampire.java
com/gamegoo/loligo/wxapi/AppRegister.java
com/gamegoo/loligo/wxapi/ShareToWeixin.java
com/gamegoo/loligo/wxapi/WXEntryActivity.java
com/infinit/MultimodeBilling/tools/MyHandler.java
com/infinit/MultimodeBilling/tools/PhoneInfoTools.java
com/infinit/multimode_billing_vac/ui/IIlIlIllIIllIIlI.java
com/infinit/multimode_billing_vac/ui/MultiModePay.java
com/iyd/iydtelephoneinfo/LenovoPhoneInfo.java
com/iyd/iydtelephoneinfo/PhoneInfo.java
com/iyd/iydtelephoneinfo/ZhanXun.java
com/iydpay/iydpay_lib/Iydpay.java
com/lthj/unipay/plugin/a.java
com/lthj/unipay/plugin/af.java
com/lthj/unipay/plugin/bd.java
com/lthj/unipay/plugin/bg.java
com/lthj/unipay/plugin/bq.java
com/lthj/unipay/plugin/br.java
com/lthj/unipay/plugin/bt.java
com/lthj/unipay/plugin/bv.java
com/lthj/unipay/plugin/cj.java
com/lthj/unipay/plugin/dc.java
com/lthj/unipay/plugin/dp.java
com/lthj/unipay/plugin/ds.java
com/lthj/unipay/plugin/dz.java
com/lthj/unipay/plugin/eb.java
com/lthj/unipay/plugin/eg.java
com/lthj/unipay/plugin/ei.java
com/lthj/unipay/plugin/el.java
com/lthj/unipay/plugin/em.java
com/lthj/unipay/plugin/x.java
com/lthj/unipay/plugin/y.java
com/mrseven/payment/ITaskCallback.java
com/mrseven/payment/MobileSecurePayHelper.java
com/mrseven/payment/PayApiIFC.java
com/unionpay/upomp/lthj/plugin/ui/AccountActivity.java
com/unionpay/upomp/lthj/plugin/ui/BankCardInfoActivity.java
com/unionpay/upomp/lthj/plugin/ui/HomeActivity.java
com/unionpay/upomp/lthj/plugin/ui/IndexActivityGroup.java
com/unionpay/upomp/lthj/plugin/ui/PayActivity.java
com/unionpay/upomp/lthj/plugin/ui/SupportCardActivity.java
com/weibo/sdk/android/WeiboDialog.java
com/weibo/sdk/android/net/NetStateManager.java
joy/JoyISystem.java
joy/JoyInterface.java
joy/JoySystem.java
joy/sdk/JoyCamera.java
joy/sdk/JoyClient.java
joy/sdk/JoyEvents.java
joy/sdk/JoyNetworkManager.java
joy/sdk/JoyNotification.java
joy/sdk/JoyPay.java
joy/sdk/JoyPlugin.java
joy/sdk/JoyPluginManager.java
joy/sdk/JoyPush.java
joy/sdk/JoyService.java
joy/sdk/JoySmsReceiver.java
组件-> 启动 Activity
加密解密-> Crypto加解密组件
加密解密-> 信息摘要算法
进程操作-> 杀死进程 cn/cmgame/billing/api/a.java
joy/cocos2dx/lib/Cocos2dxHelper.java
org/cocos2dx/lib/Cocos2dxHelper.java
进程操作-> 获取进程pid cn/cmgame/billing/api/a.java
joy/cocos2dx/lib/Cocos2dxHelper.java
org/cocos2dx/lib/Cocos2dxHelper.java
调用java反射机制
cn/cmgame/sdk/e/h.java
cn/cmgame/sdk/sms/a.java
cn/cmgame/sdk/sms/b.java
com/ccit/mmwlan/b/c.java
com/flurry/org/codehaus/jackson/map/deser/BasicDeserializerFactory.java
com/flurry/org/codehaus/jackson/map/deser/SettableAnyProperty.java
com/flurry/org/codehaus/jackson/map/deser/SettableBeanProperty.java
com/flurry/org/codehaus/jackson/map/deser/std/ClassDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/EnumDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/StdKeyDeserializer.java
com/flurry/org/codehaus/jackson/map/deser/std/StdKeyDeserializers.java
com/flurry/org/codehaus/jackson/map/ext/OptionalHandlerFactory.java
com/flurry/org/codehaus/jackson/map/introspect/AnnotatedClass.java
com/flurry/org/codehaus/jackson/map/introspect/AnnotatedField.java
com/flurry/org/codehaus/jackson/map/introspect/AnnotatedMethod.java
com/flurry/org/codehaus/jackson/map/introspect/AnnotatedMethodMap.java
com/flurry/org/codehaus/jackson/map/introspect/BasicBeanDescription.java
com/flurry/org/codehaus/jackson/map/introspect/BasicClassIntrospector.java
com/flurry/org/codehaus/jackson/map/introspect/MemberKey.java
com/flurry/org/codehaus/jackson/map/introspect/MethodFilter.java
com/flurry/org/codehaus/jackson/map/introspect/VisibilityChecker.java
com/flurry/org/codehaus/jackson/map/jsontype/impl/ClassNameIdResolver.java
com/flurry/org/codehaus/jackson/map/ser/AnyGetterWriter.java
com/flurry/org/codehaus/jackson/map/ser/BasicSerializerFactory.java
com/flurry/org/codehaus/jackson/map/ser/BeanPropertyWriter.java
com/flurry/org/codehaus/jackson/map/ser/PropertyBuilder.java
com/flurry/org/codehaus/jackson/map/ser/std/JsonValueSerializer.java
com/flurry/org/codehaus/jackson/map/type/TypeParser.java
com/flurry/org/codehaus/jackson/map/util/ClassUtil.java
com/infinit/MultimodeBilling/tools/PhoneInfoTools.java
com/infinit/MultimodeBilling/xmlParser/XMLUtil.java
com/iyd/iydtelephoneinfo/Hisense.java
com/iyd/iydtelephoneinfo/LenovoPhoneInfo.java
com/iyd/iydtelephoneinfo/MtkPhoneInfo.java
com/iyd/iydtelephoneinfo/Tools.java
mm/purchasesdk/fingerprint/c.java
mm/purchasesdk/k/b.java
mm/purchasesdk/k/c.java
mm/purchasesdk/k/e.java
网络通信-> WebView 相关
设备指纹-> 查看本机IMSI
隐私数据-> 获取已安装的应用程序
一般功能-> 查看\修改Android系统属性 cn/cmgame/sdk/e/h.java
mm/purchasesdk/fingerprint/c.java
mm/purchasesdk/k/c.java
一般功能-> 获取活动网路信息
隐私数据-> 读写通讯录 cn/cmgame/sdk/e/h.java
joy/sdk/ContactAccessorSdk5.java
joy/sdk/JoyGetFriendByPhone.java
网络通信-> HTTP建立连接
网络通信-> TCP套接字
网络通信-> DefaultHttpClient Connection
网络通信-> HTTPS建立连接 cn/iyd/iydpay_apk/NetworkManager.java
cn/iyd/pay/alipay/NetworkManager.java
设备指纹-> 查看本机号码
一般功能-> 获取WiFi相关信息
组件-> 发送广播 com/infinit/MultimodeBilling/tools/MyHandler.java
joy/sdk/JoyNotification.java
隐私数据-> 发送SMS短信息
一般功能-> 加载so文件
设备指纹-> 查看本机SIM卡序列号
设备指纹-> getSimOperator cn/cmgame/sdk/network/a.java
com/egame/utils/EgameDeviceUtils.java
mm/purchasesdk/k/g.java
命令执行-> getRuntime.exec()
网络通信-> SSL证书处理
组件-> 启动 Service
一般功能-> 传感器相关操作
一般功能-> Android通知 joy/sdk/JoyService.java
网络通信-> WebView JavaScript接口
隐私数据-> 获取GPS位置信息
网络通信-> WebView GET请求 com/flurry/android/ap.java
网络通信-> HTTP请求、连接和会话
进程操作-> 获取运行的进程\服务 joy/sdk/JoyClient.java
一般功能-> 获取网络接口信息 com/punchbox/hailstone/a/a.java
隐私数据-> 录制音频行为 joy/sdk/JoyAudioLib.java
组件-> ContentProvider joy/sdk/ContactAccessorSdk5.java
隐私数据-> 用户账户管理 joy/sdk/ContactAccessorSdk5.java
加密解密-> Base64 加密 joy/sdk/JoyCamera.java
加密解密-> Base64 解密 joy/sdk/JoyCamera.java
隐私数据-> 读取短信 cn/iyd/iydpay_apk/IydpayService.java
joy/sdk/JoySmsReceiver.java

源代码分析

高危
7
警告
7
信息
1
安全
1
屏蔽
0
序号 问题 等级 参考标准 文件位置 操作
1 应用程序记录日志信息,不得记录敏感信息 信息 CWE: CWE-532: 通过日志文件的信息暴露
OWASP MASVS: MSTG-STORAGE-3
cn/cmgame/billing/api/a.java
cn/cmgame/sdk/e/h.java
cn/cmgame/sdk/network/b.java
cn/cmgame/sdk/sms/SmsSendCallback.java
cn/iyd/iydpay_apk/Iap.java
cn/iyd/iydpay_apk/IydHelper.java
cn/iyd/iydpay_apk/IydNet.java
cn/iyd/iydpay_apk/Iydpay.java
cn/iyd/iydpay_apk/IydpayActivity.java
cn/iyd/iydpay_apk/IydpayService.java
cn/iyd/iydpay_apk/NetworkManager.java
cn/iyd/iydpay_apk/UnionPayResult.java
cn/iyd/pay/alipay/Alix.java
cn/iyd/pay/alipay/BaseHelper.java
cn/iyd/pay/alipay/MobileSecurePayHelper.java
cn/iyd/pay/alipay/NetworkManager.java
com/ccit/mmwlan/MMClientSDK_ForIdentity.java
com/ccit/mmwlan/MMClientSDK_ForLogin.java
com/ccit/mmwlan/MMClientSDK_ForPad.java
com/ccit/mmwlan/a/d.java
com/ccit/mmwlan/a/e.java
com/ccit/mmwlan/a/g.java
com/ccit/mmwlan/a/h.java
com/ccit/mmwlan/b/a.java
com/ccit/mmwlan/b/b.java
com/ccit/mmwlan/b/c.java
com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java
com/egame/utils/JSONUtils.java
com/egame/utils/SecretUtilTools.java
com/egame/webfee/EgameFee.java
com/egame/webfee/SmsBroadcastReceiver.java
com/egame/webfee/common/Base64Decoder.java
com/egame/webfee/common/Base64Encoder.java
com/egame/webfee/common/L.java
com/egame/webfee/common/Urls.java
com/egame/webfee/task/SmsFeeTask.java
com/flurry/android/FlurryAgent.java
com/flurry/android/InstallReceiver.java
com/flurry/android/ab.java
com/flurry/android/ad.java
com/flurry/android/ae.java
com/flurry/android/af.java
com/flurry/android/ag.java
com/flurry/android/ak.java
com/flurry/android/al.java
com/flurry/android/am.java
com/flurry/android/aw.java
com/flurry/android/ay.java
com/flurry/android/bg.java
com/flurry/android/bm.java
com/flurry/android/bo.java
com/flurry/android/g.java
com/flurry/android/i.java
com/flurry/android/j.java
com/flurry/android/m.java
com/flurry/android/w.java
com/gamegoo/loligo/GlobalCToJava.java
com/gamegoo/loligo/joy/GameJoy.java
com/gamegoo/loligo/joy/JoyAutoLoginCallback.java
com/gamegoo/loligo/share/ShareSina.java
com/gamegoo/loligo/vampire.java
com/gamegoo/loligo/wxapi/WXEntryActivity.java
com/infinit/multimode_billig/log/IllllIIIllIlIllI.java
com/infinit/multimode_billig/log/LogNet.java
com/infinit/multimode_billig/log/LogSocket.java
com/infinit/multimode_billig/log/LogUtils.java
com/infinit/multimode_billig/log/lllllIIIllIlIllI.java
com/infinit/multimode_billing5/net/HttpNet.java
com/infinit/multimode_billing_vac/ui/MultiModePay.java
com/infinit/multimode_billing_vac/ui/PVacEnsureOneDialog.java
com/infinit/multimode_billing_vac/ui/VacEnSureDialog.java
com/infinit/multimode_billing_vac/ui/VacEnsureOneDialog.java
com/iyd/iydtelephoneinfo/Tools.java
com/iydpay/iydpay_lib/Iydpay.java
com/lthj/unipay/plugin/ab.java
com/lthj/unipay/plugin/at.java
com/lthj/unipay/plugin/ay.java
com/lthj/unipay/plugin/co.java
com/punchbox/hailstone/HSInstance.java
com/weibo/sdk/android/Weibo.java
com/weibo/sdk/android/WeiboDialog.java
com/weibo/sdk/android/util/Utility.java
com/zte/appstore/common/tool/crypt/CryptTest.java
joy/JoyInterface.java
joy/JoyRender.java
joy/JoySystem.java
joy/cocos2dx/lib/Cocos2dxBitmap.java
joy/cocos2dx/lib/Cocos2dxGLSurfaceView.java
joy/cocos2dx/lib/Cocos2dxMusic.java
joy/cocos2dx/lib/Cocos2dxSound.java
joy/cocos2dx/lib/JoyCocos2dxRenderer.java
joy/sdk/ContactAccessor.java
joy/sdk/ContactAccessorSdk5.java
joy/sdk/JoyAccelerometer.java
joy/sdk/JoyAudioLib.java
joy/sdk/JoyCamera.java
joy/sdk/JoyCapture.java
joy/sdk/JoyClient.java
joy/sdk/JoyContacts.java
joy/sdk/JoyDevice.java
joy/sdk/JoyEvents.java
joy/sdk/JoyException.java
joy/sdk/JoyFileUtils.java
joy/sdk/JoyGeolocation.java
joy/sdk/JoyGlobalization.java
joy/sdk/JoyLocationListener.java
joy/sdk/JoyMedia.java
joy/sdk/JoyNotification.java
joy/sdk/JoyPay.java
joy/sdk/JoyPluginManager.java
joy/sdk/JoyService.java
joy/sdk/JoySmsReceiver.java
mm/purchasesdk/k/b.java
mm/purchasesdk/k/e.java
org/cocos2dx/PBInstance.java
org/cocos2dx/d/b.java
org/cocos2dx/lib/Cocos2dxBitmap.java
org/cocos2dx/lib/Cocos2dxGLSurfaceView.java
org/cocos2dx/lib/Cocos2dxMusic.java
org/cocos2dx/lib/Cocos2dxRenderer.java
org/cocos2dx/lib/Cocos2dxSound.java
Suppress the rule android_logging in com.gamegoo.loligo.chukong Suppress the rule android_logging in com.gamegoo.loligo.chukong only from these files
2 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 警告 CWE: CWE-276: 默认权限不正确
OWASP Top 10: M2: Insecure Data Storage
OWASP MASVS: MSTG-STORAGE-2
Suppress the rule android_read_write_external in com.gamegoo.loligo.chukong Suppress the rule android_read_write_external in com.gamegoo.loligo.chukong only from these files
3 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 警告 CWE: CWE-312: 明文存储敏感信息
OWASP Top 10: M9: Reverse Engineering
OWASP MASVS: MSTG-STORAGE-14
Suppress the rule android_hardcoded in com.gamegoo.loligo.chukong Suppress the rule android_hardcoded in com.gamegoo.loligo.chukong only from these files
4 MD5是已知存在哈希冲突的弱哈希 警告 CWE: CWE-327: 使用已被攻破或存在风险的密码学算法
OWASP Top 10: M5: Insufficient Cryptography
OWASP MASVS: MSTG-CRYPTO-4
Suppress the rule android_md5 in com.gamegoo.loligo.chukong Suppress the rule android_md5 in com.gamegoo.loligo.chukong only from these files
5 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 高危 CWE: CWE-295: 证书验证不恰当
OWASP Top 10: M3: Insecure Communication
OWASP MASVS: MSTG-NETWORK-3 		cn/iyd/iydpay_apk/NetworkManager.java
cn/iyd/pay/alipay/NetworkManager.java
com/weibo/sdk/android/net/HttpManager.java
Suppress the rule android_insecure_ssl in com.gamegoo.loligo.chukong Suppress the rule android_insecure_ssl in com.gamegoo.loligo.chukong only from these files
6 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 安全
OWASP MASVS: MSTG-NETWORK-4 		cn/iyd/pay/alipay/NetworkManager.java
com/weibo/sdk/android/net/HttpManager.java
Suppress the rule android_ssl_pinning in com.gamegoo.loligo.chukong Suppress the rule android_ssl_pinning in com.gamegoo.loligo.chukong only from these files
7 启用了调试配置。生产版本不能是可调试的 高危 CWE: CWE-919: 移动应用程序中的弱点
OWASP Top 10: M1: Improper Platform Usage
OWASP MASVS: MSTG-RESILIENCE-2
Suppress the rule android_aar_jar_debug_enabled in com.gamegoo.loligo.chukong Suppress the rule android_aar_jar_debug_enabled in com.gamegoo.loligo.chukong only from these files
8 应用程序使用不安全的随机数生成器 警告 CWE: CWE-330: 使用不充分的随机数
OWASP Top 10: M5: Insufficient Cryptography
OWASP MASVS: MSTG-CRYPTO-6
Suppress the rule android_insecure_random in com.gamegoo.loligo.chukong Suppress the rule android_insecure_random in com.gamegoo.loligo.chukong only from these files
9 IP地址泄露 警告 CWE: CWE-200: 信息泄露
OWASP MASVS: MSTG-CODE-2
Suppress the rule android_ip_disclosure in com.gamegoo.loligo.chukong Suppress the rule android_ip_disclosure in com.gamegoo.loligo.chukong only from these files
10 该文件是World Readable。任何应用程序都可以读取文件 高危 CWE: CWE-276: 默认权限不正确
OWASP Top 10: M2: Insecure Data Storage
OWASP MASVS: MSTG-STORAGE-2 		cn/iyd/iydpay_apk/IydpayUser.java
Suppress the rule android_world_readable in com.gamegoo.loligo.chukong Suppress the rule android_world_readable in com.gamegoo.loligo.chukong only from these files
11 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 警告 CWE: CWE-89: SQL命令中使用的特殊元素转义处理不恰当('SQL 注入')
OWASP Top 10: M7: Client Code Quality
Suppress the rule android_sql_raw_query in com.gamegoo.loligo.chukong Suppress the rule android_sql_raw_query in com.gamegoo.loligo.chukong only from these files
12 使用弱加密算法 高危 CWE: CWE-327: 使用已被攻破或存在风险的密码学算法
OWASP Top 10: M5: Insufficient Cryptography
OWASP MASVS: MSTG-CRYPTO-4 		cn/cmgame/sdk/e/c.java
cn/cmgame/sdk/e/d.java
com/egame/utils/SecretUtilTools.java
Suppress the rule android_weak_ciphers in com.gamegoo.loligo.chukong Suppress the rule android_weak_ciphers in com.gamegoo.loligo.chukong only from these files
13 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 高危 CWE: CWE-649: 依赖于混淆或加密安全相关输入而不进行完整性检查
OWASP Top 10: M5: Insufficient Cryptography
OWASP MASVS: MSTG-CRYPTO-3 		cn/cmgame/sdk/e/d.java
Suppress the rule cbc_padding_oracle in com.gamegoo.loligo.chukong Suppress the rule cbc_padding_oracle in com.gamegoo.loligo.chukong only from these files
14 SHA-1是已知存在哈希冲突的弱哈希 警告 CWE: CWE-327: 使用已被攻破或存在风险的密码学算法
OWASP Top 10: M5: Insufficient Cryptography
OWASP MASVS: MSTG-CRYPTO-4 		cn/cmgame/billing/a/j.java
com/flurry/android/ac.java
Suppress the rule android_sha1 in com.gamegoo.loligo.chukong Suppress the rule android_sha1 in com.gamegoo.loligo.chukong only from these files
15 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 高危 CWE: CWE-79: 在Web页面生成时对输入的转义处理不恰当('跨站脚本')
OWASP Top 10: M1: Improper Platform Usage
OWASP MASVS: MSTG-PLATFORM-6 		com/flurry/android/ap.java
Suppress the rule android_webview_xss in com.gamegoo.loligo.chukong Suppress the rule android_webview_xss in com.gamegoo.loligo.chukong only from these files
16 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 高危 CWE: CWE-295: 证书验证不恰当
OWASP Top 10: M3: Insecure Communication
OWASP MASVS: MSTG-NETWORK-3 		com/weibo/sdk/android/WeiboDialog.java
Suppress the rule android_webview_ignore_ssl in com.gamegoo.loligo.chukong Suppress the rule android_webview_ignore_ssl in com.gamegoo.loligo.chukong only from these files

动态库分析

序号 动态库 NX(堆栈禁止执行) STACK CANARY(栈保护) RELRO RPATH(指定SO搜索路径) RUNPATH(指定SO搜索路径) FORTIFY(常用函数加强检查) SYMBOLS STRIPPED(裁剪符号表)
1 armeabi/libcasdkjni.so
 True
info
二进制文件设置了 NX 位。这标志着内存页面不可执行,使得攻击者注入的 shellcode 不可执行。		 True
info
这个二进制文件在栈上添加了一个栈哨兵值,以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出		 No RELRO
high
此共享对象未启用 RELRO。整个 GOT(.got 和 .got.plt)都是可写的。如果没有此编译器标志,全局变量上的缓冲区溢出可能会覆盖 GOT 条目。使用选项 -z,relro,-z,now 启用完整 RELRO,仅使用 -z,relro 启用部分 RELRO。		 None
info
二进制文件没有设置运行时搜索路径或RPATH		 None
info
二进制文件没有设置 RUNPATH		 False
warning
二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数(如 strcpy,gets 等)的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用		 False
warning
符号可用
2 armeabi/libidentifyapp.so
 True
info
二进制文件设置了 NX 位。这标志着内存页面不可执行,使得攻击者注入的 shellcode 不可执行。		 True
info
这个二进制文件在栈上添加了一个栈哨兵值,以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出		 No RELRO
high
此共享对象未启用 RELRO。整个 GOT(.got 和 .got.plt)都是可写的。如果没有此编译器标志,全局变量上的缓冲区溢出可能会覆盖 GOT 条目。使用选项 -z,relro,-z,now 启用完整 RELRO,仅使用 -z,relro 启用部分 RELRO。		 None
info
二进制文件没有设置运行时搜索路径或RPATH		 None
info
二进制文件没有设置 RUNPATH		 False
warning
二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数(如 strcpy,gets 等)的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用		 False
warning
符号可用
3 armeabi/libjoygamesdk.so
 True
info
二进制文件设置了 NX 位。这标志着内存页面不可执行,使得攻击者注入的 shellcode 不可执行。		 True
info
这个二进制文件在栈上添加了一个栈哨兵值,以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出		 Full RELRO
info
此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中,整个 GOT(.got 和 .got.plt 两者)被标记为只读。		 None
info
二进制文件没有设置运行时搜索路径或RPATH		 None
info
二进制文件没有设置 RUNPATH		 False
warning
二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数(如 strcpy,gets 等)的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用		 False
warning
符号可用
4 armeabi/liblthj_unipaybusiness.so
 True
info
二进制文件设置了 NX 位。这标志着内存页面不可执行,使得攻击者注入的 shellcode 不可执行。		 True
info
这个二进制文件在栈上添加了一个栈哨兵值,以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出		 No RELRO
high
此共享对象未启用 RELRO。整个 GOT(.got 和 .got.plt)都是可写的。如果没有此编译器标志,全局变量上的缓冲区溢出可能会覆盖 GOT 条目。使用选项 -z,relro,-z,now 启用完整 RELRO,仅使用 -z,relro 启用部分 RELRO。		 None
info
二进制文件没有设置运行时搜索路径或RPATH		 None
info
二进制文件没有设置 RUNPATH		 False
warning
二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数(如 strcpy,gets 等)的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用		 False
warning
符号可用
5 armeabi/liblthj_unipaybusiness20130328.so
 True
info
二进制文件设置了 NX 位。这标志着内存页面不可执行,使得攻击者注入的 shellcode 不可执行。		 True
info
这个二进制文件在栈上添加了一个栈哨兵值,以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出		 No RELRO
high
此共享对象未启用 RELRO。整个 GOT(.got 和 .got.plt)都是可写的。如果没有此编译器标志,全局变量上的缓冲区溢出可能会覆盖 GOT 条目。使用选项 -z,relro,-z,now 启用完整 RELRO,仅使用 -z,relro 启用部分 RELRO。		 None
info
二进制文件没有设置运行时搜索路径或RPATH		 None
info
二进制文件没有设置 RUNPATH		 False
warning
二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数(如 strcpy,gets 等)的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用		 False
warning
符号可用

文件分析

序号 问题 文件

VIRUSTOTAL扫描

  检出率: 19 / 67       完整报告

反病毒引擎 检出结果
AhnLab-V3 PUP/Android.Dowgin.1071127
Antiy-AVL Trojan/Generic.ASMalwAD.5EC
Avira SPR/ANDR.SMSreg.KU.Gen
BitDefenderFalx Android.Riskware.SmsPay.R
CAT-QuickHeal Android.SMSreg.C (PUP)
Cynet Malicious (score: 99)
ESET-NOD32 Android/SMSreg.AK potentially unsafe
F-Secure PrivacyRisk.SPR/ANDR.SMSreg.KU.Gen
Fortinet Riskware/SmsReg!Android
Google Detected
Ikarus Trojan.AndroidOS.Cynos
Jiangmin Trojan/AndroidOS.bn
Microsoft PUA:AndroidOS/SmsReg.A!MTB
NANO-Antivirus Trojan.Android.SMSreg.dinehu
Skyhigh Artemis
Sophos Android Emagsoftware (PUA)
SymantecMobileInsight AppRisk:Generisk
Varist AndroidOS/Smsreg.DU
VirIT Android.Trj.SMSAgent.FBL

滥用权限

恶意软件常用权限 10/30
android.permission.READ_PHONE_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.VIBRATE
android.permission.RECORD_AUDIO
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.SEND_SMS
其它常用权限 5/46
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE

恶意软件常用权限 是被已知恶意软件广泛滥用的权限。
其它常用权限 是已知恶意软件经常滥用的权限。

IP地图

域名检测

域名 状态 中国境内 位置信息 解析
flurry.cachefly.net 安全
 IP地址: 127.0.0.1
国家: -
地区: -
城市: -
查看: Google 地图




e.weibo.com 安全
 IP地址: 49.7.37.118
国家: 中国
地区: 北京
城市: 北京
查看: 高德地图




app.rjoy.cn 安全
 没有可用的地理位置信息。




mobilepay.unionpaysecure.com 安全
 IP地址: 202.96.255.185
国家: 中国
地区: 上海
城市: 上海
查看: 高德地图




open.weibo.cn 安全
 IP地址: 223.111.8.82
国家: 中国
地区: 北京
城市: 北京
查看: 高德地图




omsjf.cmgame.com 安全
 没有可用的地理位置信息。




ads.flurry.com 安全
 IP地址: 180.222.106.12
国家: 台湾省
地区: 台北
城市: 台北
查看: Google 地图




ospd.mmarket.com 安全
 IP地址: 120.197.235.71
国家: 中国
地区: 广东
城市: 广州
查看: 高德地图




excode.appget.cn 安全
 没有可用的地理位置信息。




data.flurry.com 安全
 IP地址: 106.10.248.147
国家: 新加坡
地区: 新加坡
城市: 新加坡
查看: Google 地图




market.android.com 安全
 IP地址: 142.250.198.14
国家: 美利坚合众国
地区: 加利福尼亚
城市: 山景城
查看: Google 地图




joy-app.punchbox.org 安全
 没有可用的地理位置信息。




api.weibo.com 安全
 IP地址: 202.96.255.185
国家: 中国
地区: 北京
城市: 北京
查看: 高德地图




g.10086.cn 安全
 IP地址: 223.111.8.82
国家: 中国
地区: 江苏省
城市: 苏州市
查看: 高德地图




llll.punchbox.org 安全
 没有可用的地理位置信息。




notify.java.jpxx.org 安全
 没有可用的地理位置信息。




gather.chukong-inc.com 安全
 IP地址: 118.195.236.134
国家: 中国
地区: 北京
城市: 北京
查看: 高德地图




auth.uupay.net 安全
 没有可用的地理位置信息。




stat.punchbox.org 安全
 没有可用的地理位置信息。




adlog.flurry.com 安全
 IP地址: 180.222.109.251
国家: 台湾省
地区: 台北
城市: 台北
查看: Google 地图




gmc.g188.net 安全
 没有可用的地理位置信息。




api.t.sina.com.cn 安全
 IP地址: 49.7.37.118
国家: 中国
地区: 北京
城市: 北京
查看: 高德地图




uniview.wostore.cn 安全
 没有可用的地理位置信息。




release.readingjoy.com 安全
 没有可用的地理位置信息。




z.iyd.cn 安全
 IP地址: 211.151.139.150
国家: 中国
地区: 北京
城市: 北京
查看: 高德地图




手机号码

手机号 源码文件
13900000000
com/ccit/mmwlan/MMClientSDK_ForIdentity.java
13900000000
自研引擎-S

网址

网址信息 源码文件
http://omsjf.cmgame.com/charging/log/accessgamelog?random=
http://g.10086.cn/gamecms/wap/item1/client
http://g.10086.cn/gamecms/wap/game/fairy/210222244000?qufen=azzjbn
http://gmc.g188.net/egsb/smscharging/sendchargingcode
cn/cmgame/billing/util/Const.java
2.0.0.2
http://g.10086.cn/a/?utm=pl1
http://g.10086.cn/a/?utm=pl2
http://g.10086.cn/e/action/middle/list.php?dotype=yxwj&classid=5856&qufen=bntc
http://g.10086.cn/a/?utm=pl3
http://omsjf.cmgame.com/charging
http://g.10086.cn/gamecms/go/sdyxdt
10.0.0.172
cn/cmgame/sdk/e/b.java
10.0.0.172
cn/cmgame/sdk/network/a.java
http://10.0.0.172
cn/cmgame/sdk/network/b.java
http://joy-app.punchbox.org/billing/services
cn/iyd/iydpay_apk/Iap.java
http://release.readingjoy.com/upgrade/
http://release.readingjoy.com/upgrade/?bundle_id=2147317f-6fd9-4056-8c45-a9418817826d&version=
cn/iyd/iydpay_apk/IydHelper.java
http://joy-app.punchbox.org/billing/services
http://z.iyd.cn/mobile/webserver/openpay
http://joy-app.punchbox.org/billing/services/?method=billing.getpaymentmethod&is_filter=1
cn/iyd/iydpay_apk/Iydpay.java
http://joy-app.punchbox.org/billing/services
http://app.rjoy.cn/billing/services
http://app.rjoy.cn/billing/services?method=billing.makepayment&payment_type=yee_bank_wap&bank_type=
cn/iyd/iydpay_apk/IydpayActivity.java
http://z.iyd.cn/mobile/serverx/android/5.6
cn/iyd/iydpay_apk/IydpayUser.java
http://notify.java.jpxx.org/index.jsp
cn/iyd/pay/alipay/Alix.java
https://msp.alipay.com/x.htm
cn/iyd/pay/alipay/Constant.java
http://202.102.39.13:8084/sns-clientv4/
http://202.102.39.13:8084
http://202.102.39.13:8084/sns-clientv4/bsdk/action/resultofsms.json?gameuserid=
http://202.102.39.13:8084/sns-clientv4/four/user/retrievepassword.json?phone=
http://202.102.39.13:8084/sns-clientv4/four/user/userregister.json?mobilephone=
http://202.102.39.13:8084/sns-clientv4/four/basic/getmobilephone.json?imsi=
http://202.102.39.13:8084/sns-clientv4/four/user/userlogin.json?account=
http://202.102.39.13:8084/sns-clientv4/four/action/getvalidatecode.json?phone=
http://202.102.39.13:8084/sns-clientv4/bsdk/newpay/xmobo.json?serialno=
http://202.102.39.13:8084/sns-clientv4/bsdk/newpay/alipayrequest.json?serialno=
http://202.102.111.27:8083/eoi/interface/sdk/yzfpay?serialno=
http://202.102.39.13:8084/sns-clientv4/bsdk/action/getencryptkey.json?fromer=
http://202.102.39.13:8084/sns-clientv4/bsdk/pay/requestforszf.json?gamegold=
http://202.102.39.13:8084/sns-clientv4/bsdk/pay/resultofszf.json?transactionid=
http://202.102.39.13:8084/sns-clientv4/bsdk/pay/netaidoupay.json?serialno=
http://202.102.39.13:8084/sns-clientv4/bsdk/action/getaidoubalance.json?userid=
http://202.102.39.13:8084/sns-clientv4/bsdk/action/paywaylist.json?gameid=
http://202.102.39.13:8084/sns-clientv4/bsdk/action/recordactioncode.json?gameid=
com/egame/webfee/common/Urls.java
javascript:flurryadapter.callcomplete
com/flurry/android/ap.java
http://flurry.cachefly.net/adspacestyles/images/bttn-close-bw.png
com/flurry/android/ax.java
https://market.android.com/details?id=
https://ads.flurry.com
http://ads.flurry.com
https://adlog.flurry.com
http://adlog.flurry.com
https://play.google.com/store/apps/details?id=
https://ads.flurry.com/v3/getads.do
http://ads.flurry.com/v3/getads.do
com/flurry/android/bo.java
http://data.flurry.com/aap.do
https://data.flurry.com/aap.do
com/flurry/android/FlurryAgent.java
http://llll.punchbox.org
http://e.weibo.com/3339519422/profile
https://api.weibo.com/2/
http://api.t.sina.com.cn/oauth/access_token
http://api.t.sina.com.cn/oauth/authenticate
http://api.t.sina.com.cn/oauth/authorize
https://api.weibo.com/oauth2/access_token
http://api.t.sina.com.cn/oauth/request_token
https://api.weibo.com/2/statuses/upload.json
https://api.weibo.com/2/statuses/update.json
com/gamegoo/loligo/share/ShareSina.java
http://llll.punchbox.org
com/gamegoo/loligo/wxapi/WXEntryActivity.java
http://uniview.wostore.cn/log-app/sendlog
com/infinit/multimode_billig/log/LogNet.java
http://58.246.196.82:9008/servicedata.do?
com/infinit/multimode_billing5/net/MultimodeConfig.java
http://211.154.166.219/qzjy/gateway/deal.action
http://mobilepay.unionpaysecure.com/qzjy/gateway/deal.action
com/lthj/unipay/plugin/as.java
http://211.154.166.219/busplat/order/checkpan.action
http://auth.uupay.net/busplat/order/checkpan.action
com/lthj/unipay/plugin/ay.java
http://auth.uupay.net/busplat/order/checkpan.action
http://211.154.166.219/busplat/order/checkpan.action
com/lthj/unipay/plugin/de.java
http://gather.chukong-inc.com/sdk
com/punchbox/hailstone/HSDataStat.java
http://uniview.wostore.cn/log-app/updateerrormsg
com/unicom/errormsg/ErrorMsgHttpRequest.java
http://uniview.wostore.cn/log-app/updateerrormsg
com/unicom/errormsg/llIlIllIIlllIlll.java
https://open.weibo.cn/oauth2/authorize
com/weibo/sdk/android/Weibo.java
http://ospd.mmarket.com:8089/taac
http://ospd.mmarket.com:8089/trust
http://ospd.mmarket.com:8089/trusted3
mm/purchasesdk/k/d.java
192.168.11.5
mm/purchasesdk/k/g.java
http://117.121.56.146/appark/www/?a2/v2/
http://stat.punchbox.org/?a2/v2/
org/cocos2dx/a/a.java
http://117.121.56.146/appark/www/?p1/put/
http://stat.punchbox.org/?p1/put/
org/cocos2dx/a/e.java
http://117.121.56.146/appark/www/?p1/doput
http://stat.punchbox.org/?p1/doput
org/cocos2dx/a/f.java
http://117.121.56.146/appark/www/?p1/doput
http://stat.punchbox.org/?p1/doput
org/cocos2dx/a/g.java
http://117.121.56.146/appark/www/?s1/feedback/
http://stat.punchbox.org/?s1/feedback
org/cocos2dx/b/b.java
http://117.121.57.82/exchange/?exchangecode/codeverifi/
http://excode.appget.cn/?exchangecode/codeverifi/
org/cocos2dx/c/a.java
http://202.102.39.13:8084/sns-clientv4/bsdk/newpay/xmobo.json?serialno=
http://202.102.39.13:8084/sns-clientv4/
https://api.weibo.com/2/
http://z.iyd.cn/mobile/serverx/android/5.6
http://gather.chukong-inc.com/sdk
http://omsjf.cmgame.com/charging
http://202.102.39.13:8084/sns-clientv4/bsdk/pay/requestforszf.json?gamegold=
https://open.weibo.cn/oauth2/authorize
http://202.102.39.13:8084/sns-clientv4/bsdk/action/getencryptkey.json?fromer=
http://202.102.39.13:8084/sns-clientv4/four/basic/getmobilephone.json?imsi=
http://mobilepay.unionpaysecure.com/qzjy/gateway/deal.action
http://10.1.3.22:22222/trusted3
https://api.weibo.com/2/statuses/upload.json
http://10.1.3.22:22222/trust
http://z.iyd.cn/mobile/webserver/openpay
http://api.t.sina.com.cn/oauth/access_token
http://117.121.56.146/appark/www/?p1/put/
http://release.readingjoy.com/upgrade/?bundle_id=2147317f-6fd9-4056-8c45-a9418817826d&version=
http://stat.punchbox.org/?p1/put/
10.0.0.172
http://notify.java.jpxx.org/index.jsp
http://202.102.39.13:8084
http://117.121.57.82/exchange/?exchangecode/codeverifi/
https://api.weibo.com/2/statuses/update.json
http://202.102.39.13:8084/sns-clientv4/bsdk/action/paywaylist.json?gameid=
http://g.10086.cn/gamecms/go/sdyxdt
http://adlog.flurry.com
http://117.121.56.146/appark/www/?a2/v2/
http://stat.punchbox.org/?s1/feedback
http://211.139.191.223:22222/trust
http://202.102.39.13:8084/sns-clientv4/four/user/retrievepassword.json?phone=
http://202.102.39.13:8084/sns-clientv4/bsdk/action/resultofsms.json?gameuserid=
http://data.flurry.com/aap.do
javascript:flurryadapter.callcomplete
http://joy-app.punchbox.org/billing/services/?method=billing.getpaymentmethod&is_filter=1
http://202.102.39.13:8084/sns-clientv4/four/user/userlogin.json?account=
http://10.0.0.172
http://202.102.111.27:8083/eoi/interface/sdk/yzfpay?serialno=
http://ospd.mmarket.com:8089/taac
http://g.10086.cn/a/?utm=pl1
http://58.246.196.82:9008/servicedata.do?
http://202.102.39.13:8084/sns-clientv4/bsdk/action/recordactioncode.json?gameid=
https://adlog.flurry.com
http://omsjf.cmgame.com/charging/log/accessgamelog?random=
http://117.121.56.146/appark/www/?p1/doput
http://flurry.cachefly.net/adspacestyles/images/bttn-close-bw.png
http://excode.appget.cn/?exchangecode/codeverifi/
http://g.10086.cn/gamecms/wap/item1/client
https://api.weibo.com/oauth2/access_token
http://api.t.sina.com.cn/oauth/authenticate
https://ads.flurry.com
192.168.11.5
http://app.rjoy.cn/billing/services
http://202.102.39.13:8084/sns-clientv4/bsdk/pay/resultofszf.json?transactionid=
http://g.10086.cn/gamecms/wap/game/fairy/210222244000?qufen=azzjbn
http://ospd.mmarket.com:8089/trusted3
http://stat.punchbox.org/?a2/v2/
http://g.10086.cn/a/?utm=pl3
http://auth.uupay.net/busplat/order/checkpan.action
http://202.102.39.13:8084/sns-clientv4/four/user/userregister.json?mobilephone=
http://202.102.39.13:8084/sns-clientv4/bsdk/pay/netaidoupay.json?serialno=
https://msp.alipay.com/x.htm
http://e.weibo.com/3339519422/profile
http://joy-app.punchbox.org/billing/services
2.0.0.2
http://ads.flurry.com/v3/getads.do
http://llll.punchbox.org
http://g.10086.cn/e/action/middle/list.php?dotype=yxwj&classid=5856&qufen=bntc
https://play.google.com/store/apps/details?id=
http://uniview.wostore.cn/log-app/sendlog
https://ads.flurry.com/v3/getads.do
http://api.t.sina.com.cn/oauth/request_token
http://202.102.39.13:8084/sns-clientv4/four/action/getvalidatecode.json?phone=
http://gmc.g188.net/egsb/smscharging/sendchargingcode
http://202.102.39.13:8084/sns-clientv4/bsdk/newpay/alipayrequest.json?serialno=
https://market.android.com/details?id=
http://ospd.mmarket.com:8089/trust
http://211.154.166.219/busplat/order/checkpan.action
http://ads.flurry.com
http://uniview.wostore.cn/log-app/updateerrormsg
http://117.121.56.146/appark/www/?s1/feedback/
http://api.t.sina.com.cn/oauth/authorize
http://stat.punchbox.org/?p1/doput
http://202.102.39.13:8084/sns-clientv4/bsdk/action/getaidoubalance.json?userid=
http://app.rjoy.cn/billing/services?method=billing.makepayment&payment_type=yee_bank_wap&bank_type=
http://211.154.166.219/qzjy/gateway/deal.action
https://data.flurry.com/aap.do
http://release.readingjoy.com/upgrade/
http://g.10086.cn/a/?utm=pl2
自研引擎-S
ftp://%s:%s@%s
lib/armeabi/libjoygamesdk.so
http://%s:%d%s
http://10.0.3.129:8082/mer_mg/order/checkpan.action
lib/armeabi/liblthj_unipaybusiness.so
http://%s:%d%s
http://10.0.3.129:8082/mer_mg/order/checkpan.action
lib/armeabi/liblthj_unipaybusiness20130328.so

FIREBASE实例

邮箱

追踪器

名称 类别 网址
Flurry Advertisement, Analytics https://reports.exodus-privacy.eu.org/trackers/25

密钥凭证

已显示 9 个secrets
1、 友盟统计的=> "UMENG_APPKEY" : "5199838056240bb93806ddc4"
2、 友盟统计的=> "UMENG_CHANNEL" : "joysdk"
3、 凭证信息=> "AppId" : "appid:90234616120120921431100"
4、 d0123a49-146c-4492-8df0-44a6a5c7f89d
5、 50fe2aa884aef54d61eceb48
6、 cf37382453b860f30401728d1d9987dd
7、 24e7252b-62d6-454d-b48e-438f5b11ce450427c786-828
8、 2147317f-6fd9-4056-8c45-a9418817826d
9、 d5794271016b251b71f137100a80ace6

字符串列表

建议导出为TXT,方便查看。

活动列表

已显示 18 个activities
1、 cn.iyd.iydpay_apk.IydpayActivity
2、 cn.emagsoftware.gamebilling.activity.BillingActivity
3、 com.unionpay.upomp.lthj.plugin.ui.SplashActivity
4、 com.unionpay.upomp.lthj.plugin.ui.IndexActivityGroup
5、 com.unionpay.upomp.lthj.plugin.ui.HomeActivity
6、 com.unionpay.upomp.lthj.plugin.ui.PayActivity
7、 com.unionpay.upomp.lthj.plugin.ui.AccountActivity
8、 com.unionpay.upomp.lthj.plugin.ui.BankCardInfoActivity
9、 com.unionpay.upomp.lthj.plugin.ui.SupportCardActivity
10、 com.unionpay.upomp.lthj.plugin.ui.UserProtocolActivity
11、 com.unionpay.upomp.lthj.plugin.ui.AboutActivity
12、 com.tcl.hyt.unionpay.plugin.activity.IndexActivity
13、 com.tcl.hyt.unionpay.plugin.activity.LoadingActivity
14、 com.egame.webfee.ui.EgameSdkWebFeeActivity
15、 com.gamegoo.loligo.vampire
16、 com.gamegoo.loligo.wxapi.WXEntryActivity
17、 com.gamegoo.loligo.GlobalCToJava
18、 com.weibo.sdk.android.demo.ShareActivity

服务列表

已显示 3 个services
1、 cn.iyd.iydpay_apk.IydpayService
2、 cn.iyd.iydpay_apk.PunchboxService
3、 joy.sdk.JoyService

广播接收者列表

已显示 2 个receivers
1、 .AppRegister
2、 .AppRegister

内容提供者列表

第三方SDK

SDK名称 开发者 描述信息

文件列表

assets/CMGC/ChPkgs.xml
assets/CMGC/ConfigExtend.xml
assets/CMGC/GH.data
assets/OpeningAnimation/ChPkgs.xml
assets/OpeningAnimation/g_bg_exit.png
assets/OpeningAnimation/g_cmcc_title.png
assets/OpeningAnimation/g_divider.png
assets/OpeningAnimation/g_divider_land.png
assets/OpeningAnimation/g_exit.png
assets/OpeningAnimation/g_exit_ask.png
assets/OpeningAnimation/g_exit_hl.png
assets/OpeningAnimation/g_game_title.png
assets/OpeningAnimation/g_logo.png
assets/OpeningAnimation/g_logo_cmcc.png
assets/OpeningAnimation/g_logo_cmgc.png
assets/OpeningAnimation/g_logo_cmgc_s.png
assets/OpeningAnimation/g_logo_cp.png
assets/OpeningAnimation/g_logo_s.png
assets/OpeningAnimation/g_logo_sp.png
assets/OpeningAnimation/g_more_ask.png
assets/OpeningAnimation/g_no.png
assets/OpeningAnimation/g_no_hl.png
assets/OpeningAnimation/g_ok.png
assets/OpeningAnimation/g_ok_hl.png
assets/OpeningAnimation/g_rocker.png
assets/OpeningAnimation/g_rotate_left.png
assets/OpeningAnimation/g_rotate_mid.png
assets/OpeningAnimation/g_rotate_right.png
assets/OpeningAnimation/g_sound_ask.png
assets/OpeningAnimation/g_star.png
assets/OpeningAnimation/g_yes.png
assets/OpeningAnimation/g_yes_hl.png
assets/config/punchbox.json
assets/res_ipad/ani/black_gui.xml
assets/res_ipad/ani/blackgui.plist
assets/res_ipad/ani/blue_gui.xml
assets/res_ipad/ani/bluegui.plist
assets/res_ipad/ani/blueline.plist
assets/res_ipad/ani/blueline.png
assets/res_ipad/ani/bomb_gui.xml
assets/res_ipad/ani/bombgui.plist
assets/res_ipad/ani/boom.plist
assets/res_ipad/ani/boom.png
assets/res_ipad/ani/boost.plist
assets/res_ipad/ani/boost.png
assets/res_ipad/ani/box_gui.xml
assets/res_ipad/ani/boxgui.plist
assets/res_ipad/ani/chenggong.plist
assets/res_ipad/ani/chenggong.png
assets/res_ipad/ani/ddeadeffect.plist
assets/res_ipad/ani/ddeadeffect.png
assets/res_ipad/ani/dragon_ani.plist
assets/res_ipad/ani/firebird.plist
assets/res_ipad/ani/firebird.png
assets/res_ipad/ani/go.plist
assets/res_ipad/ani/go.png
assets/res_ipad/ani/green_gui.xml
assets/res_ipad/ani/greengui.plist
assets/res_ipad/ani/guihit.plist
assets/res_ipad/ani/hero1.plist
assets/res_ipad/ani/hero1.png
assets/res_ipad/ani/hero2.plist
assets/res_ipad/ani/hero2.png
assets/res_ipad/ani/hero3.plist
assets/res_ipad/ani/hero3.png
assets/res_ipad/ani/huodechongwu.plist
assets/res_ipad/ani/huodechongwu.png
assets/res_ipad/ani/huodexinjili.plist
assets/res_ipad/ani/huodexinjili.png
assets/res_ipad/ani/jinhua.plist
assets/res_ipad/ani/jinhua.png
assets/res_ipad/ani/kaishi.plist
assets/res_ipad/ani/kaishi.png
assets/res_ipad/ani/perfect.plist
assets/res_ipad/ani/perfect.png
assets/res_ipad/ani/pet1.plist
assets/res_ipad/ani/pet1.xml
assets/res_ipad/ani/pet1j.plist
assets/res_ipad/ani/pet1j.xml
assets/res_ipad/ani/pet2.plist
assets/res_ipad/ani/pet2.xml
assets/res_ipad/ani/pet2j.plist
assets/res_ipad/ani/pet2j.xml
assets/res_ipad/ani/pet3.plist
assets/res_ipad/ani/pet3.xml
assets/res_ipad/ani/pet3j.plist
assets/res_ipad/ani/pet3j.xml
assets/res_ipad/ani/pet4.plist
assets/res_ipad/ani/pet4.xml
assets/res_ipad/ani/pet4j.plist
assets/res_ipad/ani/pet4j.xml
assets/res_ipad/ani/pet5.xml
assets/res_ipad/ani/petlight.plist
assets/res_ipad/ani/petlight.png
assets/res_ipad/ani/pets.plist
assets/res_ipad/ani/pink_gui.xml
assets/res_ipad/ani/pinkgui.plist
assets/res_ipad/ani/progress.plist
assets/res_ipad/ani/progress.png
assets/res_ipad/ani/red_gui.xml
assets/res_ipad/ani/redgui.plist
assets/res_ipad/ani/shengguang.plist
assets/res_ipad/ani/shengguang.png
assets/res_ipad/ani/shengji.plist
assets/res_ipad/ani/shengji.png
assets/res_ipad/ani/shengjiwenzi.plist
assets/res_ipad/ani/shengjiwenzi.png
assets/res_ipad/ani/shibai.plist
assets/res_ipad/ani/shibai.png
assets/res_ipad/ani/tani_dragon.xml
assets/res_ipad/ani/violet_gui.xml
assets/res_ipad/ani/violetgui.plist
assets/res_ipad/ani/white_gui.xml
assets/res_ipad/ani/whitegui.plist
assets/res_ipad/ani/xixue_gui.plist
assets/res_ipad/ani/yanhua.plist
assets/res_ipad/ani/yanhua.png
assets/res_ipad/ani/yellow_gui.xml
assets/res_ipad/ani/yellowgui.plist
assets/res_ipad/ani/zhuce.plist
assets/res_ipad/ani/zhuce.png
assets/res_ipad/background/01.png
assets/res_ipad/background/02.png
assets/res_ipad/background/03.png
assets/res_ipad/background/04.png
assets/res_ipad/background/loadingbar_01.png
assets/res_ipad/background/loadingbar_02.png
assets/res_ipad/background/loadingmap.png
assets/res_ipad/effect/JetFstar.plist
assets/res_ipad/effect/JetFstar_old.plist
assets/res_ipad/effect/PhoenixFeather.plist
assets/res_ipad/effect/PhoenixFeather2.plist
assets/res_ipad/effect/addblood.plist
assets/res_ipad/effect/blood.png
assets/res_ipad/effect/bomb.plist
assets/res_ipad/effect/boostover.plist
assets/res_ipad/effect/bstar64black.png
assets/res_ipad/effect/bstar64blood.png
assets/res_ipad/effect/circle_yellow.png
assets/res_ipad/effect/damage.plist
assets/res_ipad/effect/damage.png
assets/res_ipad/effect/deagondead.plist
assets/res_ipad/effect/deagondead_new.plist
assets/res_ipad/effect/deagondead_old.plist
assets/res_ipad/effect/fire.png
assets/res_ipad/effect/firestar.png
assets/res_ipad/effect/firestar2.png
assets/res_ipad/effect/force.plist
assets/res_ipad/effect/fstar.png
assets/res_ipad/effect/get_coin_01.plist
assets/res_ipad/effect/get_coin_01.png
assets/res_ipad/effect/ice.png
assets/res_ipad/effect/icehit.plist
assets/res_ipad/effect/lightning_01.png
assets/res_ipad/effect/meteosmoke.plist
assets/res_ipad/effect/perfect.plist
assets/res_ipad/effect/perfect.png
assets/res_ipad/effect/shock.png
assets/res_ipad/effect/snow.png
assets/res_ipad/effect/star_02.png
assets/res_ipad/effect/waterfall.plist
assets/res_ipad/effect/yanhua.plist
assets/res_ipad/font/english_2.fnt
assets/res_ipad/font/english_2_0.png
assets/res_ipad/font/g_num.fnt
assets/res_ipad/font/g_num_0.png
assets/res_ipad/font/new_fnt.fnt
assets/res_ipad/font/new_fnt_0.png
assets/res_ipad/font/new_fnt_blue.fnt
assets/res_ipad/font/wing_num.fnt
assets/res_ipad/font/wing_num_0.png
assets/res_ipad/object/U_1.plist
assets/res_ipad/object/U_1.png
assets/res_ipad/object/U_2.plist
assets/res_ipad/object/U_2.png
assets/res_ipad/object/bullet.plist
assets/res_ipad/object/bullet.png
assets/res_ipad/object/g_num.plist
assets/res_ipad/object/g_num.png
assets/res_ipad/object/n_num.plist
assets/res_ipad/object/n_num.png
assets/res_ipad/object/newitem.plist
assets/res_ipad/object/newitem.png
assets/res_ipad/object/numbers.plist
assets/res_ipad/object/numbers.png
assets/res_ipad/table/achieve.xml
assets/res_ipad/table/bullet.xml
assets/res_ipad/table/drop.xml
assets/res_ipad/table/fristdrop.xml
assets/res_ipad/table/monster.xml
assets/res_ipad/table/petlevel.xml
assets/res_ipad/table/speeddata.xml
assets/res_ipad/table/stageday.xml
assets/res_ipad/table/wave.xml
assets/res_ipad/table/wave1.xml
assets/res_ipad/btn_pause.png
assets/res_ipad/paomiline_line1.png
assets/res_ipad/progress_monsterBar.png
assets/res_ipad/progress_monsterBg.png
assets/res_ipad/progress_powerBar.png
assets/res_ipad/progress_powerBg.png
assets/res_ipad/youxigulogo.png
assets/res_ipad/youxigulogo1.png
assets/scripts/root.lua
assets/scripts/u_about.lua
assets/scripts/u_chievent.lua
assets/scripts/u_choosechar.lua
assets/scripts/u_friend.lua
assets/scripts/u_game.lua
assets/scripts/u_goldstore.lua
assets/scripts/u_login.lua
assets/scripts/u_mail.lua
assets/scripts/u_newtips.lua
assets/scripts/u_option.lua
assets/scripts/u_pause.lua
assets/scripts/u_pet.lua
assets/scripts/u_player.lua
assets/scripts/u_prepare.lua
assets/scripts/u_ready.lua
assets/scripts/u_restart.lua
assets/scripts/u_sign.lua
assets/scripts/u_store.lua
assets/scripts/u_tips.lua
assets/scripts/uifunction.lua
assets/sounds/alert.ogg
assets/sounds/bats.ogg
assets/sounds/button.ogg
assets/sounds/clear_screen.ogg
assets/sounds/electric.ogg
assets/sounds/explosion.ogg
assets/sounds/firebird.ogg
assets/sounds/get_boost.ogg
assets/sounds/get_coin.ogg
assets/sounds/get_gem.ogg
assets/sounds/get_item.ogg
assets/sounds/gunpowder.ogg
assets/sounds/hunter_background.mp3
assets/sounds/hunter_background2.mp3
assets/sounds/ice_hit.ogg
assets/sounds/itemgemin.ogg
assets/sounds/itemin.ogg
assets/sounds/meteor.ogg
assets/sounds/mon_die.ogg
assets/sounds/moneyin.ogg
assets/sounds/moneyout.ogg
assets/sounds/monsterdead.ogg
assets/sounds/monsterhited.ogg
assets/sounds/perfect.ogg
assets/sounds/power_shot.ogg
assets/sounds/punch.ogg
assets/sounds/role_die.ogg
assets/sounds/speed.ogg
assets/sounds/thunder.ogg
assets/sounds/treasure_box_dead.ogg
assets/sounds/waterbomb.ogg
assets/sounds/woodenbroken.ogg
assets/sounds/xdead.ogg
assets/tui/tui_iphone4.xml
assets/AlipayMSP087_V3.5.2.0417.apk
assets/Charge.xml
assets/Config.xml
assets/ConsumeCodeInfo.xml
assets/CpayPlugin.apk
assets/Icon-72.png
assets/alipay_plugin223_0309.apk
assets/premessable.txt
assets/tips.xml
res/drawable/egamewebfee_btn_green_selector.xml
res/drawable/egamewebfee_btn_login_selector.xml
res/drawable/egamewebfee_btn_reg_selector.xml
res/drawable/egamewebfee_btn_yellow_selector.xml
res/drawable/egamewebfee_list_selector.xml
res/drawable/egamewebfee_radio_button.xml
res/drawable/upomp_lthj_button_blue.xml
res/drawable/upomp_lthj_button_blue_select.xml
res/drawable/upomp_lthj_button_gray.xml
res/drawable/upomp_lthj_button_gray_select.xml
res/drawable/upomp_lthj_button_green.xml
res/drawable/upomp_lthj_button_green_select.xml
res/drawable/upomp_lthj_button_lightblue.xml
res/drawable/upomp_lthj_button_select.xml
res/drawable/upomp_lthj_button_verifycode.xml
res/drawable/upomp_lthj_checkbox.xml
res/drawable/upomp_lthj_filled_box.xml
res/drawable/upomp_lthj_gray_line.xml
res/drawable/upomp_lthj_keybtn.xml
res/drawable/upomp_lthj_progressbar.xml
res/layout/egamewebfee.xml
res/layout/egamewebfee_aidoufee.xml
res/layout/egamewebfee_card.xml
res/layout/egamewebfee_charge_type.xml
res/layout/egamewebfee_common_user_register.xml
res/layout/egamewebfee_login.xml
res/layout/egamewebfee_progress.xml
res/layout/upomp_lthj_about.xml
res/layout/upomp_lthj_bankcard_item.xml
res/layout/upomp_lthj_bankcard_itemexpad.xml
res/layout/upomp_lthj_bankcard_list.xml
res/layout/upomp_lthj_bindcard_home.xml
res/layout/upomp_lthj_bindcard_next.xml
res/layout/upomp_lthj_cardinfo_tip.xml
res/layout/upomp_lthj_changemobile.xml
res/layout/upomp_lthj_changepassword.xml
res/layout/upomp_lthj_commonpay.xml
res/layout/upomp_lthj_custominput.xml
res/layout/upomp_lthj_findpwd_home.xml
res/layout/upomp_lthj_findpwd_next.xml
res/layout/upomp_lthj_homeaccount.xml
res/layout/upomp_lthj_homecardpay.xml
res/layout/upomp_lthj_hometradeinfo.xml
res/layout/upomp_lthj_index.xml
res/layout/upomp_lthj_keyboard.xml
res/layout/upomp_lthj_keyboard_letter.xml
res/layout/upomp_lthj_keyboard_num.xml
res/layout/upomp_lthj_keyboard_sign.xml
res/layout/upomp_lthj_lineframe.xml
res/layout/upomp_lthj_myinfo.xml
res/layout/upomp_lthj_onebtn_progress.xml
res/layout/upomp_lthj_quick_bind_result.xml
res/layout/upomp_lthj_quick_bindcard.xml
res/layout/upomp_lthj_quick_reg_confirm.xml
res/layout/upomp_lthj_quick_reg_result.xml
res/layout/upomp_lthj_quick_register.xml
res/layout/upomp_lthj_quickpay_hascard.xml
res/layout/upomp_lthj_quickpay_nocard.xml
res/layout/upomp_lthj_quickpay_userinfo.xml
res/layout/upomp_lthj_savecardpay.xml
res/layout/upomp_lthj_splash.xml
res/layout/upomp_lthj_supportcard.xml
res/layout/upomp_lthj_supportcard_bankitem.xml
res/layout/upomp_lthj_traderesult.xml
res/layout/upomp_lthj_twobtn_progress.xml
res/layout/upomp_lthj_user_protocol.xml
res/layout/upomp_lthj_userprotocal_item.xml
res/layout/upomp_lthj_validatcodeview.xml
res/layout/view_bottom.xml
res/layout/view_left.xml
res/layout/view_right.xml
res/layout/view_up.xml
res/raw/opening_sound.mid
res/raw/upomp_lthj_authsupport.xml
res/raw/upomp_lthj_config_formal.xml
res/raw/upomp_lthj_config_test.xml
res/raw/upomp_lthj_quicksupport.xml
AndroidManifest.xml
resources.arsc
res/drawable-hdpi/egamewebfee_alipay_info.png
res/drawable-hdpi/egamewebfee_alipay_infoicon.png
res/drawable-hdpi/egamewebfee_back.png
res/drawable-hdpi/egamewebfee_but_normal.9.png
res/drawable-hdpi/egamewebfee_but_select.9.png
res/drawable-hdpi/egamewebfee_check_off.png
res/drawable-hdpi/egamewebfee_check_on.png
res/drawable-hdpi/egamewebfee_close.png
res/drawable-hdpi/egamewebfee_forget_pwd.png
res/drawable-hdpi/egamewebfee_greenoff.9.png
res/drawable-hdpi/egamewebfee_greenon.9.png
res/drawable-hdpi/egamewebfee_input_bg.9.png
res/drawable-hdpi/egamewebfee_list.png
res/drawable-hdpi/egamewebfee_listchufa.png
res/drawable-hdpi/egamewebfee_listseled.png
res/drawable-hdpi/egamewebfee_login_bg.9.png
res/drawable-hdpi/egamewebfee_login_et_bg.9.png
res/drawable-hdpi/egamewebfee_panl_bg.9.png
res/drawable-hdpi/egamewebfee_reg_but_normal.9.png
res/drawable-hdpi/egamewebfee_titlebar.png
res/drawable-hdpi/egamewebfee_top.png
res/drawable-hdpi/egamewebfee_top_line.png
res/drawable-hdpi/egamewebfee_touming.png
res/drawable-hdpi/egamewebfee_weixuanzeanniu.png
res/drawable-hdpi/egamewebfee_xuanzeanniu.png
res/drawable-hdpi/egamewebfee_yellowoff.9.png
res/drawable-hdpi/egamewebfee_yellowon.9.png
res/drawable-hdpi/gc_bg_small.9.png
res/drawable-hdpi/gc_billing_blue.9.png
res/drawable-hdpi/gc_billing_blue_selector.xml
res/drawable-hdpi/gc_billing_cancel.png
res/drawable-hdpi/gc_billing_cancel_hl.png
res/drawable-hdpi/gc_billing_cancel_selector.xml
res/drawable-hdpi/gc_billing_cancel_unenabled.png
res/drawable-hdpi/gc_billing_green.9.png
res/drawable-hdpi/gc_billing_green_selector.xml
res/drawable-hdpi/gc_billing_hl.9.png
res/drawable-hdpi/gc_billing_red.9.png
res/drawable-hdpi/gc_billing_red_selector.xml
res/drawable-hdpi/gc_billing_unenabled.9.png
res/drawable-hdpi/gc_cmgc_logo_s.png
res/drawable-hdpi/gc_gamehall.png
res/drawable-hdpi/gc_logo.png
res/drawable-hdpi/gc_more_game.png
res/drawable-hdpi/huabian_down.png
res/drawable-hdpi/huabian_top.png
res/drawable-hdpi/ic_launcher.png
res/drawable-hdpi/icon.png
res/drawable-hdpi/upomp_lthj_bottom_line.png
res/drawable-hdpi/upomp_lthj_button_blue_noselect.9.png
res/drawable-hdpi/upomp_lthj_button_drop.png
res/drawable-hdpi/upomp_lthj_button_gray_noselect.9.png
res/drawable-hdpi/upomp_lthj_button_green_noselect.9.png
res/drawable-hdpi/upomp_lthj_button_lightblue_noselect.9.png
res/drawable-hdpi/upomp_lthj_button_lightblue_select.9.png
res/drawable-hdpi/upomp_lthj_button_verifycode_noselect.9.png
res/drawable-hdpi/upomp_lthj_button_verifycode_select.9.png
res/drawable-hdpi/upomp_lthj_card_icon.png
res/drawable-hdpi/upomp_lthj_card_img.png
res/drawable-hdpi/upomp_lthj_checkbox_select.png
res/drawable-hdpi/upomp_lthj_checkbox_unselect.png
res/drawable-hdpi/upomp_lthj_common_drop.png
res/drawable-hdpi/upomp_lthj_default_drop.png
res/drawable-hdpi/upomp_lthj_default_icon.png
res/drawable-hdpi/upomp_lthj_desc_icon.png
res/drawable-hdpi/upomp_lthj_fail_icon.png
res/drawable-hdpi/upomp_lthj_faildialog_icon.png
res/drawable-hdpi/upomp_lthj_info_down_btn.9.png
res/drawable-hdpi/upomp_lthj_info_frame.9.png
res/drawable-hdpi/upomp_lthj_info_up_btn.9.png
res/drawable-hdpi/upomp_lthj_input_bg.9.png
res/drawable-hdpi/upomp_lthj_input_help_btn.png
res/drawable-hdpi/upomp_lthj_keyboard.png
res/drawable-hdpi/upomp_lthj_keybtn1.9.png
res/drawable-hdpi/upomp_lthj_keybtn_enlarge.9.png
res/drawable-hdpi/upomp_lthj_keybtn_enlarge_1.9.png
res/drawable-hdpi/upomp_lthj_logo.png
res/drawable-hdpi/upomp_lthj_logobar.png
res/drawable-hdpi/upomp_lthj_mobile_icon.png
res/drawable-hdpi/upomp_lthj_okdialog_icon.png
res/drawable-hdpi/upomp_lthj_order_icon.png
res/drawable-hdpi/upomp_lthj_pay_icon.png
res/drawable-hdpi/upomp_lthj_prompt_icon.png
res/drawable-hdpi/upomp_lthj_refresh_icon.png
res/drawable-hdpi/upomp_lthj_rightarrow_icon.png
res/drawable-hdpi/upomp_lthj_row_line.png
res/drawable-hdpi/upomp_lthj_set_default_icon.png
res/drawable-hdpi/upomp_lthj_shield_icon.png
res/drawable-hdpi/upomp_lthj_smalllogo.png
res/drawable-hdpi/upomp_lthj_splash_logo.png
res/drawable-hdpi/upomp_lthj_splash_progress.png
res/drawable-hdpi/upomp_lthj_splash_thumb.png
res/drawable-hdpi/upomp_lthj_success_icon.png
res/drawable-hdpi/upomp_lthj_supportcard_title.png
res/drawable-hdpi/upomp_lthj_unbind_icon.png
res/drawable-hdpi/upomp_lthj_user_icon.png
res/drawable-hdpi/upomp_lthj_vertical_line.png
res/drawable-hdpi/upomp_lthj_watermark.png
res/drawable-ldpi/ic_launcher.png
res/drawable-ldpi/upomp_lthj_icon.png
res/drawable-ldpi/upomp_lthj_splash_progress.png
res/drawable-ldpi/upomp_lthj_splash_thumb.png
res/drawable-mdpi/ic_launcher.png
res/drawable-mdpi/upomp_lthj_icon.png
res/drawable-mdpi/upomp_lthj_splash_progress.png
res/drawable-mdpi/upomp_lthj_splash_thumb.png
res/drawable-xhdpi/ic_launcher.png
classes.dex
assets/back.png
assets/back_click.png
assets/bg.png
assets/bg2.png
assets/btn_ac.png
assets/btn_ac_click.png
assets/btn_an.jpg
assets/btn_an.png
assets/btn_an_click.png
assets/chahao.jpg
assets/chinaunicom.png
assets/close.png
assets/wostore_logo.png
com/flurry/org/codehaus/jackson/map/VERSION.txt
com/flurry/org/codehaus/jackson/impl/VERSION.txt
com/flurry/org/apache/avro/data/Json.avsc
assets/values/dimens.xml
assets/weibosdk_dialog_bg.9.png
assets/transparentBtnDisabled.png
assets/transparentBtnNormal.png
assets/smscard.png
assets/inputTop_middle.png
assets/inputLowerRoundCorner_R.png
assets/sms.png
assets/payback_middle.png
assets/forgotPWD.png
assets/check.png
assets/lastSelectPushmiddle.png
assets/return_normal.png
assets/transparentRectangleBtnDisabled.png
assets/cardlist_middle.png
assets/cardlist_left.png
assets/payback_left.png
assets/smsback_middle.png
assets/lastPaynormal.png
assets/loadingBG.png
assets/backShadow.png
assets/backmiddle.png
assets/agreePressed.png
assets/greenBtnPressed.png
assets/money.png
assets/inputUperRoundCorner_M.png
assets/radiobox_normal.png
assets/x.png
assets/moneyBig.png
assets/regPressed.png
assets/lastSelectNormalleft.png
assets/loginSelected.png
assets/logoQQ.png
assets/radiobox_push.png
assets/paylistitem_left.png
assets/tipback_L.png
assets/stars.plist
assets/confirm_normal.png
assets/loadingnew.png
assets/bgBigShadow.png
assets/bgBigGuestBg.png
assets/regNormal.png
assets/close_push.png
assets/backright.png
assets/smsback_right.png
assets/tipback_M.png
assets/tipNormal.png
assets/paylistitem_middle.png
assets/tipClose.png
assets/inputTop_left.png
assets/lastSelectlPushleft.png
assets/registerOk.png
assets/lastPayleft.png
assets/okConfirm_normal.png
assets/inputCircle_L.png
assets/lastSelectNormalright.png
assets/lastSelectNormalmiddle.png
assets/lastPayright.png
assets/blueBtnNormal.png
assets/inputUperRoundCorner_L.png
assets/particleTexture.png
assets/othercard_left.png
assets/inputCircle_R.png
assets/marksAfter.png
assets/yellowBtnDisabled.png
assets/cardlist_right.png
assets/alipay.png
assets/confirm_pressed.png
assets/logoWeibo.png
assets/pay_normal.png
assets/tipback_R.png
assets/lastPaymiddle.png
assets/marksBefore.png
assets/transparentBtnPressed.png
assets/thirdBtnPressed.png
assets/joyucres.pak
assets/yellowBtnPressed.png
assets/transparentRectangleBtnNormal.png
assets/bgBig.png
assets/lastPaypush.png
assets/inputCircle_M.png
assets/logo360.png
assets/inputRectangle_L.png
assets/bankcard.png
assets/payback_right.png
assets/agreeNormal.png
assets/agreeLabel.png
assets/return_push.png
assets/inputLowerRoundCorner_M.png
assets/yellowBtnNormal.png
assets/tipImage.png
assets/othercard_middle.png
assets/thirdBtnNormal.png
assets/othercard_right.png
assets/inputRectangle_M.png
assets/inputTop_right.png
assets/greenBtnNormal.png
assets/screenmask.png
assets/close_normal.png
assets/blueBtnPressed.png
assets/regSelected.png
assets/payhighlight.png
assets/smsback_left.png
assets/loginPressed.png
assets/transparentRectangleBtnPressed.png
assets/inputRectangle_R.png
assets/inputUperRoundCorner_R.png
assets/pay_push.png
assets/inputLowerRoundCorner_L.png
assets/backleft.png
assets/JoyResource.lst
assets/paylistitem_right.png
assets/loginNormal.png
assets/othercard.png
assets/lastSelectPushright.png
assets/okConfirm_pressed.png
CopyrightDeclaration.xml
VERSION
assets/mmiap/image/vertical/bg.png
assets/mmiap/image/vertical/button1_Confirm.9.png
assets/mmiap/image/vertical/button1_Confirm_Press.9.png
assets/mmiap/image/vertical/button_back.png
assets/mmiap/image/vertical/button_back_Press.png
assets/mmiap/image/vertical/button_finishbilling.png
assets/mmiap/image/vertical/button_finishbilling_press.png
assets/mmiap/image/vertical/editbg.9.png
assets/mmiap/image/vertical/editbg_a.9.png
assets/mmiap/image/vertical/editbg_b.9.png
assets/mmiap/image/vertical/get_verificationcode.9.png
assets/mmiap/image/vertical/get_verificationcode_press.9.png
assets/mmiap/image/vertical/icon_chifubao.png
assets/mmiap/image/vertical/icon_false.png
assets/mmiap/image/vertical/icon_info.png
assets/mmiap/image/vertical/icon_success.png
assets/mmiap/image/vertical/infobg.9.png
assets/mmiap/image/vertical/infoline.png
assets/mmiap/image/vertical/keyboard_bg.png
assets/mmiap/image/vertical/keyboard_button.png
assets/mmiap/image/vertical/keyboard_button_delete.png
assets/mmiap/image/vertical/keyboard_button_delete_press.png
assets/mmiap/image/vertical/keyboard_button_hide.png
assets/mmiap/image/vertical/keyboard_button_hide_press.png
assets/mmiap/image/vertical/keyboard_button_press.png
assets/mmiap/image/vertical/line.png
assets/mmiap/image/vertical/loading.png
assets/mmiap/image/vertical/logo1.png
assets/mmiap/image/vertical/logo2.png
assets/mmiap/image/vertical/logo3.png
assets/mmiap/image/vertical/title1_bg.png
assets/mmiap/image/vertical/title2_bg.png
assets/mmiap/image/vertical/title2_bg_shadow.png
assets/mmiap/image/vertical/top_button_back.png
assets/mmiap/image/vertical/top_button_back_press.png
assets/mmiap/image/vertical/yanzhengma_bg.png
mmiap.xml
lib/armeabi/gdbserver
lib/armeabi/libgame.so
lib/armeabi/libjoygamesdk.so
lib/armeabi/libcasdkjni.so
lib/armeabi/libidentifyapp.so
lib/armeabi/liblthj_unipaybusiness.so
lib/armeabi/liblthj_unipaybusiness20130328.so
META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA

污点分析

当apk较大时,代码量会很大,造成数据流图(ICFG)呈现爆炸式增长,所以该功能比较耗时,请先喝杯咖啡,耐心等待……
规则名称 描述信息 操作
病毒分析 使用安卓恶意软件常用的API进行污点分析 开始分析  
漏洞挖掘 漏洞挖掘场景下的污点分析 开始分析  
隐私合规 隐私合规场景下的污点分析:组件内污点传播、组件间污点传播、组件与库函数之间的污点传播 开始分析  
密码分析 分析加密算法是否使用常量密钥、静态初始化的向量(IV)、加密模式是否使用ECB等 开始分析  
Callback 因为Android中系统级的Callback并不会出现显式地进行回调方法的调用,所以如果需要分析Callback方法需要在声明文件中将其声明,这里提供一份AndroidCallbacks.txt文件,里面是一些常见的原生回调接口或类,如果有特殊接口需求,可以联系管理员 开始分析