Let's take a look at a very popular mobile game "Garena 传说对决" . It would be very interesting~

My friend Carrie's confused about "Certificate Pinning". Let me show you how to verify  "Certificate Pinning". Use a proxy server to intecept any sensitive data when user log in.

Nothing found and only an error occurs. Good job~

Let me show you the SSL handshake.

Second we take a look at its encryption method and key. It's AES 128bit encryption, but what happen to the key??? Poor lazy developers, she/he must be a funny guy~

Furthermore we extract its folder and take a look inside it.

Look! Account name in plaintext found in cache.db-wal. Fortunely password is encrypted. Nice job~

Anything else? E-mail address in plaintext!

No way gps location found! Why Garena needs to know where user live? That's too much. It's my privacy!!!

Garena does well on "Certificate Pinning" but it should take user's privacy into account. Don't leave those sensitive personal data in plaintext on any plist or database files. At least Garena should encrypt those data. And most important of all, don't collect my gps location. No need to know where users live. It's none of your business. Concentrate on improving your game to make it more attractive and secure. That's what Garena should do.

Mobile game analysis的更多相关文章

  1. zhuan 常用图像数据集:标注、检索

      目录(?)[+]   1.搜狗实验室数据集: http://www.sogou.com/labs/dl/p.html 互联网图片库来自sogou图片搜索所索引的部分数据.其中收集了包括人物.动物. ...

  2. 【技术调研】最强Node-RED初探总结

    在某个项目中需要调研下node-red的功能,我大概花了三天时间研究了相关的官方文档,写了几个Demo总结了下node-red相关的功能.如需转载,请注明出处 https://www.cnblogs. ...

  3. [转] CV Datasets on the web

    转自:CVPapers This material is presented to ensure timely dissemination of scholarly and technical wor ...

  4. 【机器学习】【计算机视觉】非常全面的图像数据集《Actions》

    目录(?)[+]   1.搜狗实验室数据集: http://www.sogou.com/labs/dl/p.html 互联网图片库来自sogou图片搜索所索引的部分数据.其中收集了包括人物.动物.建筑 ...

  5. Design and Analysis of Algorithms_Decrease-and-Conquer

    I collect and make up this pseudocode from the book: <<Introduction to the Design and Analysis ...

  6. [计算机取证技术] VDI-in-a-Box Analysis Results

    原文跳转: http://dig4n6.blogspot.tw/2013/07/vdi-in-box-analysis-results.html *文中引用图片如无法浏览,请科学上网* VDI-in- ...

  7. Technical analysis of client identification mechanisms

    http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Chromium‎ > ‎Chro ...

  8. Top 40 Static Code Analysis Tools

    https://www.softwaretestinghelp.com/tools/top-40-static-code-analysis-tools/ In this article, I have ...

  9. LoadRunner 录制 mobile

    方法一:本地安装安卓模拟器,用LR选择模拟器录制方式录制 方法二:手机真机需要root,可以在电脑上下载一键root工具(如卓大师),然后手机和电脑用数据线连接,然后root. 在手机上运行 Mobi ...

随机推荐

  1. Spring Boot启动过程(五):Springboot内嵌Tomcat对象的start

    标题和上一篇很像,所以特别强调一下,这个是Tomcat对象的. 从TomcatEmbeddedServletContainer的this.tomcat.start()开始,主要是利用Lifecycle ...

  2. STL部分的实现

    C++的STL很强大,里面实现很多功能 就平时经常会用到的vector之类的,自己实现一下, 有哪块错误的希望大神给予指点 vector类模板 template<typename T>cl ...

  3. Android使用Aspectj

    使用AspectJ 集成步骤: 1.AS配置Aspectj环境 2.配置使用ajc编译 4.定义注解 5.配置规则 6.使用 7.注意事项 AS配置Aspectj环境.Aspect目前最新版本为 1. ...

  4. java操作txt文本(二):删除文本括号内的内容

    想法由来:之前写读书报告时,遇到一些烦人的文献,总喜欢把注释作为括号内容放到正文中,使文章繁琐冗长,所以写了下面这个代码,剔除了括号内的内容. 适用条件:原txt文本中的括号使用正确,即左右括号匹配正 ...

  5. 樱花的季节,教大家用canvas画出飞舞的樱花树

    又到了樱花的季节,教大家使用canvas画出飞舞的樱花树效果. 废话少说,先看效果. 演示效果地址:http://suohb.com/work/tree4.htm 查看演示效果 第一步,我们先画出一棵 ...

  6. while循环学习之统计流量

    /application/apache/logs/bbs-access_log日志文件中任意一行的格式如下,以空格为间隔第十列(2632)为此次请求内容的字节数大小 192.168.220.1 - - ...

  7. 20. Valid Parentheses - 括号匹配验证

    Description: Given a string containing just the characters '(', ')', '{', '}', '[' and ']', determin ...

  8. javaWEB与EL表达式

    EL表达式1. EL是JSP内置的表达式语言!  * jsp2.0开始,不让再使用java脚本,而是使用el表达式和动态标签来替代java脚本!  * EL替代的是<%= ... %>,也 ...

  9. Oracle14~23

    14.查询所有学生的Sname.Cno和Degree列. 15.查询所有学生的Sno.Cname和Degree列. 16.查询所有学生的Sname.Cname和Degree列. 17. 查询“9503 ...

  10. oracle事物总结(转)

    关于Oracle事务的总结 1.什么是事务,事务的特性是什么? 事务的任务便是使数据库从一种状态变换成为另一种状态,这不同于文件系统,它是数据库所特用的.它的特性有四个:TOM总结为ACID即原子性a ...