My friend Carrie'd like to know "Garena 传说对决" violates any mobile risks such as insecure data storage or sensitive data disclosure . Let's take a look at this very popular mobile game "Garena 传说对决" . It would be very interesting~

Carrie's confused about "Certificate Pinning". Let me show you how to verify  "Certificate Pinning". Use a proxy server to intecept any sensitive data when user log in.

Nothing found and only an error occurs. Good job~

Let me show you the SSL handshake.

Second we take a look at its encryption method and key. It's AES 128bit encryption, but what happen to the key??? Poor lazy developers, she/he must be a funny guy~

Furthermore we extract its folder and take a look inside it.

Look! Account name in plaintext found in cache.db-wal. Fortunely password is encrypted. Nice job~

Anything else? E-mail address in plaintext!

No way gps location found! Why Garena needs to know where user live? That's too much. It's my privacy!!!

Garena does well on "Certificate Pinning" but it should take user's privacy into account. Don't leave those sensitive personal data in plaintext on any plist or database files. At least Garena should encrypt those data. And most important of all, don't collect my gps location. No need to know where users live. It's none of your business. Concentrate on improving your game to make it more attractive and secure. That's what Garena should do.

Mobile game forensics的更多相关文章

  1. Use BEC to do mobile phone forensics

    Belkasoft Evidence Center makes me very impressed that it supports lots of evidence type. I have to ...

  2. 微信破解,解密?How To Decrypt WeChat EnMicroMsg.db Database?

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  3. A barrier for Mobile Forensics - Samsung Secure Folder

    Since I mentioned about "Second Space", let's take a look at Samsung "Secure Folder&q ...

  4. UWP开发之Mvvmlight实践七:如何查找设备(Mobile模拟器、实体手机、PC)中应用的Log等文件

    在开发中或者后期测试乃至最后交付使用的时候,如果应用出问题了我们一般的做法就是查看Log文件.上章也提到了查看Log文件,这章重点讲解下如何查看Log文件?如何找到我们需要的Packages安装包目录 ...

  5. ipad&mobile通用webapp框架前哨战

    响应式设计的意义 随着移动设备的发展,移动设备以迅猛的势头分刮着PC的占有率,ipad或者android pad的市场占有率稳步提升,所以我们的程序需要在ipad上很好的运行,对于公司来说有以下负担: ...

  6. jQuery Mobile入门

    转:http://www.cnblogs.com/linjiqin/archive/2011/07/17/2108896.html 简介:jQuery Mobile框架可以轻松的帮助我们实现非常好看的 ...

  7. 解决Jquery mobile点击较长文本body的时候Header和footer会渐入渐出的问题

         在做一个Phonegap+Jqm工程的时候,出现了如题的问题,相信很多人都遇到过Jquerymobile点击body时候header和footer会闪烁的显示和隐藏问题,fixed却并不能真 ...

  8. jquery mobile 问问多多

    jquery mobile  问题多多,兼容性太差.android4.1下完全崩溃.以后再也不用jquery mobile了

  9. front end about mobile web techs

    WEB OF DEVICES http://www.w3.org/standards/webofdevices/ MOBILE WEB http://www.w3.org/standards/webd ...

随机推荐

  1. 【docker学习二】CentOS7.5+Docker 镜像(容器)的使用

    承接上篇:https://mp.csdn.net/postedit/82744127 上文介绍了容器与镜像的基本操作,这里总结下容器的使用. 先在官网找到一个镜像: https://hub.docke ...

  2. C#—使用InstallerProjects打包桌面应用程序

    前言 打包桌面应用程序实在是一个不常使用的东西,偶尔使用起来经常会忘东忘西的耽误时间,因此,这篇文章多以图片记录过程,也是用于备忘. 下载打包工具 C#打包桌面应用程序有很多种方法,这里介绍一种使用M ...

  3. Ubuntu 16.04.3启动MySQL报错

    今天安装mysql,连接MySQL时报错mysql: [Warning] Using a password on the command line interface can be insecure. ...

  4. Angular中input和output使用

    // 写法一: 1 @Components({ 2 ...., 3 inputs:['init'], 4 outputs:['finish'] 5 }) 6 export class xxx(){ 7 ...

  5. spark 源码分析之五 -- Spark内置RPC机制剖析之一创建NettyRpcEnv

    在前面源码剖析介绍中,spark 源码分析之二 -- SparkContext 的初始化过程 中的SparkEnv和 spark 源码分析之四 -- TaskScheduler的创建和启动过程 中的C ...

  6. mysql中id值被重置的情况

    MySQL中,如果你为一张使用了innodb引擎的表指定了一auto_increment列,那么这张表会有一个auto_increment计数器,专门记录当前auto_increment的相关值,用来 ...

  7. Excel中RATE函数的Java实现

    public class RATE { /** * calculateRate:类excel中的RATE函数,计算结果值为月利率,年华利率 需*12期. <br/> * rate = ca ...

  8. 一篇文章学会Docker命令

    目录 简介 镜像仓库 login pull push search 本地镜像管理 images rmi tag build history save load import 容器操作 ps inspe ...

  9. ServiceFabric极简文档-4.1 学习路线图

    Service Fabric学习路线图 原文地址:Service Fabric学习路线图 ​

  10. Oracle粗心大意总结篇

    有时候写sql语句不细心的话,很容易犯大错误,导致你纠结好久,找不到原因,慢慢总结: 错误1: SELECT * FROM( SELECT USER.*, ROWNUM AS CON FROM USE ...