如上图,apk已经用腾讯加固过,但是被检测出3个高危漏洞(RN项目)
1、activity劫持:
在MainActivity中:
@Override
protected void onResume() {
AntiHijackingUtils.getinstance().onResume();
super.onResume();
Log.e("生命周期","onResume");
}
@Override
protected void onPause() {
AntiHijackingUtils.getinstance().onPause(this);
super.onPause();
Log.e("生命周期","onPause");
}
import android.app.Activity;
import android.widget.Toast;
import java.util.ArrayList;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
public class AntiHijackingUtils {
/**
* 用于执行定时任务
*/
private Timer timer = null;
/**
* 用于保存当前任务
*/
private List<MyTimerTask> tasks = null;
/**
* 唯一实例
*/
private static AntiHijackingUtils anti_hijackingUtils;
private AntiHijackingUtils() {
// 初始化
tasks = new ArrayList<MyTimerTask>();
timer = new Timer();
}
/**
* 获取唯一实例
*
* @return 唯一实例
*/
public static AntiHijackingUtils getinstance() {
if (anti_hijackingUtils == null) {
anti_hijackingUtils = new AntiHijackingUtils();
}
return anti_hijackingUtils;
}
/**
* 在activity的onPause()方法中调用
*
* @param activity
*/
public void onPause(final Activity activity) {
MyTimerTask task = new MyTimerTask(activity);
tasks.add(task);
timer.schedule(task, 2000);
}
/**
* 在activity的onResume()方法中调用
*/
public void onResume() {
if (tasks.size() > 0) {
tasks.get(tasks.size() - 1).setCanRun(false);
tasks.remove(tasks.size() - 1);
}
}
/**
* 自定义TimerTask类
*/
class MyTimerTask extends TimerTask {
/**
* 任务是否有效
*/
private boolean canRun = true;
private Activity activity;
public void setCanRun(boolean canRun) {
this.canRun = canRun;
}
public MyTimerTask(Activity activity) {
this.activity = activity;
}
@Override
public void run() {
activity.runOnUiThread(new Runnable() {
@Override
public void run() {
if (canRun) {
// 程序退到后台,进行风险警告
Toast.makeText(activity, "应用切换至后台运行",
Toast.LENGTH_LONG).show();
tasks.remove(MyTimerTask.this);
}
}
});
}
}
}
2、动态调试及so注入:
build.gradle中的release中:debuggable false
在Application的onCreate中:
private void exitMy() {
//非Debug 编译,反调试检测
if (!BuildConfig.DEBUG) {
if (isDebuggable()) {
exit(0);
}
Thread t = new Thread(new Runnable() {
@Override
public void run() {
while (true) {
try {
sleep(100);
if (Debug.isDebuggerConnected()) {
exit(0);
}
if (isUnderTraced()) {
exit(0);
}
} catch (InterruptedException e) {
e.printStackTrace();
}
}
}
}, "SafeGuardThread");
t.start();
}
if (isUnderTraced()) {
exit(0);
}
// CrashReport.initCrashReport(getApplicationContext(), "4abcbaaf23", BuildConfig.DEBUG);
}
private boolean isUnderTraced() {
String processStatusFilePath = String.format(Locale.US, "/proc/%d/status", android.os.Process.myPid());
File procInfoFile = new File(processStatusFilePath);
try {
BufferedReader b = new BufferedReader(new FileReader(procInfoFile));
String readLine;
while ((readLine = b.readLine()) != null) {
if (readLine.contains("TracerPid")) {
String[] arrays = readLine.split(":");
if (arrays.length == 2) {
int tracerPid = Integer.parseInt(arrays[1].trim());
if (tracerPid != 0) {
return true;
}
}
}
}
b.close();
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
public boolean isDebuggable() {
return 0 != (getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE);
}