My friend Carrie'd like to know "Garena 传说对决" violates any mobile risks such as insecure data storage or sensitive data disclosure . Let's take a look at this very popular mobile game "Garena 传说对决" . It would be very interesting~

Carrie's confused about "Certificate Pinning". Let me show you how to verify  "Certificate Pinning". Use a proxy server to intecept any sensitive data when user log in.

Nothing found and only an error occurs. Good job~

Let me show you the SSL handshake.

Second we take a look at its encryption method and key. It's AES 128bit encryption, but what happen to the key??? Poor lazy developers, she/he must be a funny guy~

Furthermore we extract its folder and take a look inside it.

Look! Account name in plaintext found in cache.db-wal. Fortunely password is encrypted. Nice job~

Anything else? E-mail address in plaintext!

No way gps location found! Why Garena needs to know where user live? That's too much. It's my privacy!!!

Garena does well on "Certificate Pinning" but it should take user's privacy into account. Don't leave those sensitive personal data in plaintext on any plist or database files. At least Garena should encrypt those data. And most important of all, don't collect my gps location. No need to know where users live. It's none of your business. Concentrate on improving your game to make it more attractive and secure. That's what Garena should do.

Mobile game forensics的更多相关文章

  1. Use BEC to do mobile phone forensics

    Belkasoft Evidence Center makes me very impressed that it supports lots of evidence type. I have to ...

  2. 微信破解,解密?How To Decrypt WeChat EnMicroMsg.db Database?

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  3. A barrier for Mobile Forensics - Samsung Secure Folder

    Since I mentioned about "Second Space", let's take a look at Samsung "Secure Folder&q ...

  4. UWP开发之Mvvmlight实践七:如何查找设备(Mobile模拟器、实体手机、PC)中应用的Log等文件

    在开发中或者后期测试乃至最后交付使用的时候,如果应用出问题了我们一般的做法就是查看Log文件.上章也提到了查看Log文件,这章重点讲解下如何查看Log文件?如何找到我们需要的Packages安装包目录 ...

  5. ipad&mobile通用webapp框架前哨战

    响应式设计的意义 随着移动设备的发展,移动设备以迅猛的势头分刮着PC的占有率,ipad或者android pad的市场占有率稳步提升,所以我们的程序需要在ipad上很好的运行,对于公司来说有以下负担: ...

  6. jQuery Mobile入门

    转:http://www.cnblogs.com/linjiqin/archive/2011/07/17/2108896.html 简介:jQuery Mobile框架可以轻松的帮助我们实现非常好看的 ...

  7. 解决Jquery mobile点击较长文本body的时候Header和footer会渐入渐出的问题

         在做一个Phonegap+Jqm工程的时候,出现了如题的问题,相信很多人都遇到过Jquerymobile点击body时候header和footer会闪烁的显示和隐藏问题,fixed却并不能真 ...

  8. jquery mobile 问问多多

    jquery mobile  问题多多,兼容性太差.android4.1下完全崩溃.以后再也不用jquery mobile了

  9. front end about mobile web techs

    WEB OF DEVICES http://www.w3.org/standards/webofdevices/ MOBILE WEB http://www.w3.org/standards/webd ...

随机推荐

  1. kubernetes实战篇之helm示例yaml文件文件详细介绍

    系列目录 前面完整示例里,我们主要讲解helm打包,部署,升级,回退等功能,关于这里面的文件只是简单介绍,这一节我们详细介绍一下这里面的文件,以方便我们参照创建自己的helm chart. Helm ...

  2. .NET开发框架(四)-服务器IIS安装教程

    Windows Server 2012 R2 配置篇,包括服务器IIS安装.网络负载均衡器安装.ASP.NET Core 安装. 前三篇教程中,我们分享了框架的功能与视频演示介绍(文尾扫码 加入 框架 ...

  3. 关于重写equals()和hashCode()的思考

    最近这几天一直对equals()和hashCode()的事搞不清楚,云里雾里的. 为什么重写equals(),我知道. 但是为什么要两个都要重写呢,我就有点迷糊了,所以趁现在思考清楚后记录一下. 起因 ...

  4. Linux下无法执行tree命令问题

    Linux下不能使用tree命令,是因为没有安装命令, 执行下面代码就行了 yum install tree -y

  5. Python入门基础(2)

    如果你是博客园团队,,看到不符合您们要求的地方可否指出来?不要你不符合要求,然后我不符合哪项要求?是要我自己去找么? python条件语句 首先介绍的是if语句,python中的if语句格式如下: i ...

  6. Abnormal build process termination IDEA启动报错

    报错如下: Error:Abnormal build process termination: "C:Program FilesJavajdk1.11.0_1injava" -Xm ...

  7. 【POJ - 3050】Hopscotch (dfs+回溯)

    -->Hopscotch 这接写中文了 Descriptions: 奶牛们以一种独特的方式玩孩子们的跳房子游戏. 奶牛们创造了一个5x5的格子 他们熟练地跳上其中的一个格子,可以前后左右地跳(不 ...

  8. 对象属性 Object.getOwnPropertyNames() Object.keys for...in

    1.Object.getOwnPropertyNames()方法返回一个由指定对象的所有自身属性的属性名(包括不可枚举属性但不包括Symbol值作为名称的属性)组成的数组. Object.getOwn ...

  9. 20131228-sql命令

    开始 --cmd net start mssqlservernetnet stop mssqlserver

  10. Java面试题汇总---升级版(附答案)

    前几天写了Java面试题汇总---基础版,总结了面试中常见的问题及答案,那我今天基于昨天的话题做一次升级,也就是说,求职者除了要学习了解哪些常见的基础面试题之外,还得准备些什么呢? 对有工作经验的求职 ...