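2016-04-19: Details reported to the vendor; awaiting vendor handling
2016-04-22: Vendor confirmed; details disclosed to the vendor only
2016-05-02: Details disclosed to core white hats and experts in related fields
2016-05-12: Details disclosed to regular white hats
2016-05-22: Details disclosed to intern white hats
2016-06-06: Details disclosed to the public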
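Telecom fraud and phishing have been hot topics recently, so several APKs were reverse-engineered. They fall roughly into three types. First: data received by mailbox, not encrypted. Second: data received by mailbox, encrypted. Third: data received by phone.
Located in 10086 (1)\Project\smali\com\phone\stop\db\a.smali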
.method public h()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a60"
    const-string v2, "aa13178899187@**.**.**.**"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method

.method public h(Z)V
    .locals 2
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
    move-result-object v0
    const-string v1, "has_send_phone_info"
    invoke-interface {v0, v1, p1}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;
    invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->commit()Z
    return-void
.end method

.method public i()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a70"
    const-string v2, "aa13178899187@**.**.**.**"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method

.method public i(Z)V
    .locals 2
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
    move-result-object v0
    const-string v1, "has_send_contacts"
    invoke-interface {v0, v1, p1}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;
    invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->commit()Z
    return-void
.end method

.method public j()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a80"
    const-string v2, "123456qq"
In several of the APKs, the values at this location are encrypted:
.method public p()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "receive_email_account"
    const-string v2, "0670c32ce2e01835626259e19b7afc5142c4667d5d21f62b"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method

.method public q()Z
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "has_set_receive_email_account"
    const/4 v2, 0x0
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z
    move-result v0
    return v0
.end method

.method public r()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "send_email_pwd"
    const-string v2, "079a82dbbb2bafefd0c3804faf7f793c"
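Log in with what was obtained:
aa13178899187@**.**.**.** 123456qq
asdoiqpjvb@**.**.**.** qwe1314poi890bn
Based on number-location lookups and the victim group, there is a fake base station in Guangzhou.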
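As an added example (not part of the original report, and not code from any tool it mentions): a small Python triage script that reads baksmali output, one instruction per line, and reports string defaults passed to SharedPreferences.getString, the pattern the listings above use to embed the receiving mailbox. The sample input and its values are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the getter pattern above (placeholder values only).
SAMPLE = '''
.method public h()Ljava/lang/String;
    const-string v1, "a60"
    const-string v2, "drop@example.test"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
.end method
.method public p()Ljava/lang/String;
    const-string v1, "receive_email_account"
    const-string v2, "00112233445566778899aabbccddeeff"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
.end method
.method public q()Z
    const-string v1, "has_set_receive_email_account"
    const/4 v2, 0x0
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z
.end method
'''

CONST = re.compile(r'^\s*const-string(?:/jumbo)?\s+(\w+),\s*"(.*)"\s*$')
CALL = re.compile(r'invoke-interface\s*\{(\w+),\s*(\w+),\s*(\w+)\},\s*'
                  r'Landroid/content/SharedPreferences;->getString\(')
EMAIL = re.compile(r'^[^@\s]+@[^@\s]+$')           # also matches masked domains
HEXBLOB = re.compile(r'^(?:[0-9a-fA-F]{2}){8,}$')  # likely an encrypted/encoded value

def classify(value):
    if EMAIL.match(value): return "email"
    if HEXBLOB.match(value): return "hex-blob"
    return "string"

def hardcoded_defaults(smali):
    """Return (method, pref_key, default, kind) for every getString default."""
    findings, regs, method = [], {}, None
    for line in smali.splitlines():
        s = line.strip()
        if s.startswith(".method"):
            method, regs = s.split()[-1], {}   # registers do not carry across methods
        m = CONST.match(line)
        if m:
            regs[m.group(1)] = m.group(2)      # remember the latest string per register
            continue
        c = CALL.search(line)
        if c and c.group(2) in regs and c.group(3) in regs:
            key, default = regs[c.group(2)], regs[c.group(3)]
            findings.append((method, key, default, classify(default)))
    return findings
if __name__ == "__main__": print(*hardcoded_defaults(SAMPLE), sep="\n")
```

A "hex-blob" hit corresponds to the encrypted variant described above; the value still ships in the APK, so the decryption routine in the same package is the next thing to review.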
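Severity: High
Vulnerability Rank: 20
Confirmation time: 2016-04-22 15:36
CNVD did not directly reproduce the situation described and has not yet established a direct handling channel with the organization that manages the website; awaiting claim.
None yet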