Let's take a look at a very popular mobile game, "Garena 传说对决". It should be very interesting~

My friend Carrie is confused about "Certificate Pinning". Let me show you how to verify "Certificate Pinning": use a proxy server to try to intercept any sensitive data when the user logs in.

Nothing was found and only an error occurred. Good job~

Let me show you the SSL handshake.

Second, we take a look at its encryption method and key. It's AES 128-bit encryption, but what happened to the key??? Poor lazy developer, she/he must be a funny guy~

Furthermore, we extract its folder and take a look inside it.

Look! The account name is found in plaintext in cache.db-wal. Fortunately the password is encrypted. Nice job~

Anything else? E-mail address in plaintext!

No way, GPS location found! Why does Garena need to know where users live? That's too much. It's my privacy!!!

Garena does well on "Certificate Pinning", but it should take users' privacy into account. Don't leave sensitive personal data in plaintext in any plist or database files. At the very least, Garena should encrypt that data. And most important of all, don't collect my GPS location. There is no need to know where users live. It's none of your business. Concentrate on improving your game to make it more attractive and secure. That's what Garena should do.
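For developers who want to run the same check on their own build before release, here is an added example (not part of the original post and not Garena's code) that walks an extracted app data folder and flags plaintext e-mail addresses and latitude/longitude pairs in plist and SQLite files, including the `-wal` file. The suffix list, the regular expressions and the function names are assumptions made for this sketch.

```python
import re
import sys
from pathlib import Path

# File types the post names as holding plaintext data: plists, SQLite
# databases and the SQLite write-ahead log (e.g. cache.db-wal).
SUFFIXES = (".db", ".db-wal", ".sqlite", ".plist")

# Byte-level patterns, because these files are binary containers whose
# text values are usually stored as raw ASCII/UTF-8.
EMAIL = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Two decimals with at least 4 fractional digits separated by a comma.
COORD = re.compile(rb"(-?\d{1,3}\.\d{4,})\s*,\s*(-?\d{1,3}\.\d{4,})")


def scan_bytes(data):
    """Return (kind, offset, value) for every plaintext hit in data."""
    findings = []
    for m in EMAIL.finditer(data):
        findings.append(("email", m.start(), m.group().decode("ascii")))
    for m in COORD.finditer(data):
        lat, lon = float(m.group(1)), float(m.group(2))
        # Keep only pairs that are valid as latitude, longitude.
        if -90 <= lat <= 90 and -180 <= lon <= 180:
            findings.append(("gps", m.start(), m.group().decode("ascii")))
    return findings


def scan_container(root):
    """Map relative file path -> findings for files that leak plaintext."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.name.lower().endswith(SUFFIXES):
            hits = scan_bytes(path.read_bytes())
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


if __name__ == "__main__":
    # Usage: python scan.py <extracted app data folder>
    leaks = scan_container(sys.argv[1])
    for name, hits in leaks.items():
        for kind, offset, value in hits:
            print(f"{name}: {kind} at byte {offset}: {value}")
    sys.exit(1 if leaks else 0)
```

Text stored as UTF-16 and coordinates stored as binary REAL columns are not matched by these patterns, so a clean result here does not prove the files are free of personal data.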
