Mobile game analysis
Let's take a look at a very popular mobile game "Garena 传说对决" . It would be very interesting~
My friend Carrie's confused about "Certificate Pinning". Let me show you how to verify "Certificate Pinning": use a proxy server to try to intercept any sensitive data when the user logs in.
Nothing found, and only an error occurs, because the app rejects the proxy's certificate. Good job~
Let me show you the SSL handshake.
Second, we take a look at its encryption method and key. It's AES 128-bit encryption, but what happened to the key??? Poor lazy developer, she/he must be a funny guy~
Furthermore, we extract its app folder and take a look inside it.
Look! Account name in plaintext found in cache.db-wal. Fortunately the password is encrypted. Nice job~
Anything else? E-mail address in plaintext!
No way, GPS location found! Why does Garena need to know where the user lives? That's too much. It's my privacy!!!
Garena does well on "Certificate Pinning", but it should take users' privacy into account. Don't leave sensitive personal data in plaintext in any plist or database files. At the very least, Garena should encrypt that data. And most important of all, don't collect my GPS location. There is no need to know where users live. It's none of your business. Concentrate on improving your game to make it more attractive and secure. That's what Garena should do.