中行智慧食堂.apk分析结果

温馨提示：APP静态检测会有结果不完整的现象，如有疑问或建议，可加入我们的微信群讨论

APP图标

下载APP

文件信息

文件名 tongchuan_huayi_v1.0.16.apk
文件大小 10.94MB
MD5值 7ab3d6653ff8e8afd76891fb0d83f162
SHA1值 c062f98b8d3296c9e48c534ca250464aac5c4436
SHA256值 e1506500ffc0b8d52dac80f077bcb1d927c63a6fc8c8acd48548dc390d1c6172

APK信息

APK名称中行智慧食堂
包名 com.becypress.consumermachine
主活动 com.becypress.consumermachine.ActivateActivity
安卓版本名称 1.0.16

域名线索 15 条

查看

URL线索 49 条

查看

邮箱线索 0 条

查看

手机号线索 3 条

查看

域名线索

域名	ip	地区
wiki.eclipse.org	198.41.30.195	Canada - Ontario
netty.io	172.67.130.186	United States of America - California
169.254.88.3	169.254.88.3	- - -
apache.org	151.101.2.132	United States of America - California
www.openssl.org	34.49.79.89	United States of America - California
github.com	20.205.243.166	Singapore - Singapore
projectlombok.org	172.67.130.232	United States of America - California
javax.xml.xmlconstants	没有ip信息	没有地区信息
www.w3.org	104.18.22.19	United States of America - California
www.eclipse.org	198.41.30.198	Canada - Ontario
logback.qos.ch	159.100.250.151	Switzerland - Zurich
tools.ietf.org	104.16.44.99	United States of America - California
xml.org	104.239.240.11	United States of America - Texas
groups.google.com	31.13.73.169	Ireland - Dublin
www.slf4j.org	159.100.250.151	Switzerland - Zurich

URL线索

URL信息	Url所在文件
http://logback.qos.ch/css/classic.css	ch/qos/logback/classic/html/UrlCssBuilder.java
http://logback.qos.ch/codes.html	ch/qos/logback/classic/net/SocketReceiver.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/CoreConstants.java
http://logback.qos.ch/manual/	ch/qos/logback/core/CoreConstants.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/FileAppender.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/OutputStreamAppender.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/joran/action/AppenderRefAction.java
http://xml.org/sax/features/validation	ch/qos/logback/core/joran/event/SaxEventRecorder.java
http://xml.org/sax/features/namespaces	ch/qos/logback/core/joran/event/SaxEventRecorder.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/net/SyslogAppenderBase.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/net/AbstractSocketAppender.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/net/SMTPAppenderBase.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/pattern/parser/Parser.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/rolling/SizeBasedTriggeringPolicy.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/rolling/TimeBasedRollingPolicy.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/rolling/RollingFileAppender.java
http://logback.qos.ch/manual/appenders.html	ch/qos/logback/core/rolling/SizeAndTimeBasedFNATP.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/rolling/FixedWindowRollingPolicy.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/rolling/TimeBasedFileNamingAndTriggeringPolicyBase.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/rolling/helper/RenameUtil.java
http://logback.qos.ch/codes.html	ch/qos/logback/core/sift/SiftingJoranConfiguratorBase.java
http://169.254.88.3/bc/gateway/	com/becypress/consumermachine/util/ConfigUtil.java
http://169.254.88.3/bc/gateway/em/	com/becypress/consumermachine/util/ConfigUtil.java
http://javax.xml.XMLConstants/feature/secure-processing	com/fasterxml/jackson/databind/ext/DOMDeserializer.java
http://apache.org/xml/features/disallow-doctype-decl	com/fasterxml/jackson/databind/ext/DOMDeserializer.java
http://apache.org/xml/features/nonvalidating/load-external-dtd	com/fasterxml/jackson/databind/ext/DOMDeserializer.java
https://tools.ietf.org/html/rfc7540	io/netty/handler/codec/http2/HttpConversionUtil.java
https://wiki.eclipse.org/Jetty/Feature/NPN	io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
http://netty.io/wiki/forked-tomcat-native.html	io/netty/handler/ssl/OpenSsl.java
https://www.openssl.org/docs/man1.0.2/apps/verify.html.	io/netty/handler/ssl/OpenSslCertificateException.java
http://netty.io/wiki/sslcontextbuilder-and-private-key.html	io/netty/handler/ssl/PemReader.java
http://www.eclipse.org/jetty/documentation/current/alpn-chapter.html	io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
http://netty.io/wiki/reference-counted-objects.html	io/netty/util/ResourceLeakDetector.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Completable.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Single.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Maybe.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Observable.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Flowable.java
https://github.com/ReactiveX/RxJava/wiki/Error-Handling	io/reactivex/exceptions/OnErrorNotImplementedException.java
https://github.com/ReactiveX/RxJava/wiki/What's-different-in-2.0	io/reactivex/exceptions/UndeliverableException.java
https://projectlombok.org/LICENSE	lombok/core/Main.java
https://projectlombok.org	lombok/installer/Installer.java
http://groups.google.com/group/project-lombok	lombok/installer/eclipse/EclipseProductLocation.java
https://projectlombok.org/not/calculated	lombok/eclipse/EclipseAST.java
https://projectlombok.org	lombok/eclipse/agent/PatchFixesShadowLoaded.java
https://projectlombok.org/	lombok/eclipse/agent/PatchFixesShadowLoaded.java
https://projectlombok.org/features/experimental/FieldNameConstants	lombok/eclipse/handlers/HandleFieldNameConstants.java
https://projectlombok.org/features/experimental/FieldNameConstants	lombok/javac/handlers/HandleFieldNameConstants.java
http://www.slf4j.org/codes.html	org/slf4j/MDC.java
http://www.slf4j.org/codes.html	org/slf4j/LoggerFactory.java
http://logback.qos.ch/codes.html	org/slf4j/impl/StaticLoggerBinder.java
http://localhost/	retrofit2/Response.java

邮箱线索

手机线索

手机号	所在文件
17179869184	lombok/javac/handlers/JavacHandlerUtil.java
17179869184	lombok/javac/handlers/HandleDelegate.java
17179869184	lombok/delombok/PrettyPrinter.java

代码反编译

AndroidManifest配置查看

Java源代码查看 -- 下载

APK文件会员可下载

签名证书

APK已签名
v1 签名: True
v2 签名: True
v3 签名: False
找到 1 个唯一证书
主题: CN=consumer
签名算法: rsassa_pkcs1v15
有效期自: 2021-03-30 02:01:17+00:00
有效期至: 2121-03-06 02:01:17+00:00
发行人: CN=consumer
序列号: 0x550dd2aa
哈希算法: sha256
md5值: ac1749f178ad4bf563ac92bfb496cee7
sha1值: 851fcaa553dbeda28e95f26d02eb96b38fa8d24f
sha256值: b3904006b73c7df15e3a4d5efefb27ba3f3ea08d547523fde6f6f7feaca963a7
sha512值: 07c20f15bed49e616bbf999d894b44927cdcd39f7814645ff430c1e2497546ae34affd2b8c3f46f412b5d31eff059132692f8992942a64f4ecf3a84440d27855
公钥算法: rsa
密钥长度: 2048
指纹: fc0b45b456cf3ca5c45262ba566dbd97c295d7e9f77d0fe221991b7573a78d33

硬编码敏感信息

"login_pwd" : "使用密码登录"

加壳分析

会员可查看

第三方插件

会员可查看

危险动作

向手机申请的权限	是否危险	类型	详细情况
android.permission.ACCESS_WIFI_STATE	正常	查看Wi-Fi状态	允许应用程序查看有关 Wi-Fi 状态的信息
android.permission.CAMERA	危险	拍照和录像	允许应用程序用相机拍照和录像。这允许应用程序收集相机随时看到的图像
android.permission.INTERNET	正常	互联网接入	允许应用程序创建网络套接字
android.permission.RECEIVE_BOOT_COMPLETED	正常	开机时自动启动	允许应用程序在系统完成启动后立即启动。这可能会使启动手机需要更长的时间,并允许应用程序通过始终运行来减慢整个手机的速度
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储
android.permission.READ_EXTERNAL_STORAGE	危险	读取外部存储器内容	允许应用程序从外部存储读取
android.permission.READ_PHONE_STATE	危险	读取电话状态和身份	允许应用访问设备的电话功能。具有此权限的应用程序可以确定此电话的电话号码和序列号,呼叫是否处于活动状态,呼叫所连接的号码等