Let's take a look at a very popular mobile game, "Garena 传说对决". It should be very interesting~

My friend Carrie is confused about "Certificate Pinning". Let me show you how to verify "Certificate Pinning": use a proxy server to try to intercept any sensitive data when the user logs in.

Nothing is found and only an error occurs. Good job~

Let me show you the SSL handshake.

Second, we take a look at its encryption method and key. It's AES 128-bit encryption, but what happened to the key??? Poor lazy developer, she/he must be a funny guy~

Furthermore, we extract its folder and take a look inside it.

Look! The account name is found in plaintext in cache.db-wal. Fortunately, the password is encrypted. Nice job~

Anything else? E-mail address in plaintext!

No way, GPS location found! Why does Garena need to know where users live? That's too much. It's my privacy!!!

Garena does well on "Certificate Pinning", but it should take users' privacy into account. Don't leave sensitive personal data in plaintext in any plist or database files. At the least, Garena should encrypt that data. And most important of all, don't collect my GPS location. There is no need to know where users live. It's none of your business. Concentrate on improving your game to make it more attractive and secure. That's what Garena should do.
