Let's take a look at a very popular mobile game "Garena 传说对决" . It would be very interesting~

My friend Carrie's confused about "Certificate Pinning". Let me show you how to verify  "Certificate Pinning". Use a proxy server to intecept any sensitive data when user log in.

Nothing found and only an error occurs. Good job~

Let me show you the SSL handshake.

Second we take a look at its encryption method and key. It's AES 128bit encryption, but what happen to the key??? Poor lazy developers, she/he must be a funny guy~

Furthermore we extract its folder and take a look inside it.

Look! Account name in plaintext found in cache.db-wal. Fortunely password is encrypted. Nice job~

Anything else? E-mail address in plaintext!

No way gps location found! Why Garena needs to know where user live? That's too much. It's my privacy!!!

Garena does well on "Certificate Pinning" but it should take user's privacy into account. Don't leave those sensitive personal data in plaintext on any plist or database files. At least Garena should encrypt those data. And most important of all, don't collect my gps location. No need to know where users live. It's none of your business. Concentrate on improving your game to make it more attractive and secure. That's what Garena should do.

Mobile game analysis的更多相关文章

  1. zhuan 常用图像数据集:标注、检索

      目录(?)[+]   1.搜狗实验室数据集: http://www.sogou.com/labs/dl/p.html 互联网图片库来自sogou图片搜索所索引的部分数据.其中收集了包括人物.动物. ...

  2. 【技术调研】最强Node-RED初探总结

    在某个项目中需要调研下node-red的功能,我大概花了三天时间研究了相关的官方文档,写了几个Demo总结了下node-red相关的功能.如需转载,请注明出处 https://www.cnblogs. ...

  3. [转] CV Datasets on the web

    转自:CVPapers This material is presented to ensure timely dissemination of scholarly and technical wor ...

  4. 【机器学习】【计算机视觉】非常全面的图像数据集《Actions》

    目录(?)[+]   1.搜狗实验室数据集: http://www.sogou.com/labs/dl/p.html 互联网图片库来自sogou图片搜索所索引的部分数据.其中收集了包括人物.动物.建筑 ...

  5. Design and Analysis of Algorithms_Decrease-and-Conquer

    I collect and make up this pseudocode from the book: <<Introduction to the Design and Analysis ...

  6. [计算机取证技术] VDI-in-a-Box Analysis Results

    原文跳转: http://dig4n6.blogspot.tw/2013/07/vdi-in-box-analysis-results.html *文中引用图片如无法浏览,请科学上网* VDI-in- ...

  7. Technical analysis of client identification mechanisms

    http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Chromium‎ > ‎Chro ...

  8. Top 40 Static Code Analysis Tools

    https://www.softwaretestinghelp.com/tools/top-40-static-code-analysis-tools/ In this article, I have ...

  9. LoadRunner 录制 mobile

    方法一:本地安装安卓模拟器,用LR选择模拟器录制方式录制 方法二:手机真机需要root,可以在电脑上下载一键root工具(如卓大师),然后手机和电脑用数据线连接,然后root. 在手机上运行 Mobi ...

随机推荐

  1. webots自学笔记(四)传感器API使用、查看官方文档

           原创文章,来自“博客园,_阿龙clliu” http://www.cnblogs.com/clliu/,转载请注明原文章出处.           不能说webots的学习资料少,只能说 ...

  2. YIi2 Pjax简单使用

    1.点击事件需要在Pjax::begin() 和Pjax::end()范围内 2.需要在链接配置数组后加上  ['data-pjax'=>'#testPjax'] 其中,'#testPjax‘是 ...

  3. adt的问题An internal error has occurred. After scene creation, #init() must be called

    这个问题困扰了我好久,我也尝试去百度.google无济于事啊,让我寝食难安,太难受了,我把它贴出来,希望后人不绕弯子... 解决办法: 即可,解决这一个问题,现在酣畅淋漓,挥洒自如的capy代码了

  4. pycharm社区版无database 解决方法

    第一步,点击file/setting/plugins 如下图所示 第二步,搜索database 安装database Nivagator 并Apply 第三步,新建数据库连接,open sql con ...

  5. 解决华为手机不打印Log信息的问题

    在之前安装了Android Studio后,发现了一个很苦恼的事情,就是在程序中的写Log语句,不能正常的在Logcat中打印出来,这对于解决程序bug真是一刀切断,让人无从下手,在各种尝试后,首先我 ...

  6. keystone无法查看catalog并且用户无法申请令牌的解决方案

    在运行openstack catalog list之后提示: Only an authorized user may issue a new token. #只有授权用户才能申请token opens ...

  7. PMP和PRINCE2的价值各是什么?PRINCE2的含金量如何?PMP和prince2有什么区别?

    很多学员朋友会问我同样的问题:"PMP和PRINCE2到底有什么区别?哪个含金量更高?"看来,这是所有要参加认证的朋友普遍关心的问题,我将根据自己的切身体会,从三个方面回答这个问题 ...

  8. 老李推荐:第8章2节《MonkeyRunner源码剖析》MonkeyRunner启动运行过程-解析处理命令行参数 2

    我们这一节会先去分析下monkeyrunner是如何对参数进行处理的,我们跳转到MonkeyRunnerOptions这个类里面的processOptions这个方法: 93   public sta ...

  9. MySQL---连接器(python如何操作数据库媒介,基于python语言)

    MySQL — 连接器 连接器的概念 它们往往是一类Python包,或者是一类已经写好的Python库.这些库提供了我们Python去连接数据库服务器的基本功能. ​ 既然它是一个包,那么我们首先学会 ...

  10. 图的基本算法(BFS和DFS)(转载)

    图是一种灵活的数据结构,一般作为一种模型用来定义对象之间的关系或联系.对象由顶点(V)表示,而对象之间的关系或者关联则通过图的边(E)来表示. 图可以分为有向图和无向图,一般用G=(V,E)来表示图. ...