北京大学.apk分析结果

温馨提示：APP静态检测会有结果不完整的现象，如有疑问或建议，可加入我们的微信群讨论

APP图标

下载APP

文件信息

文件名 PKUAndroid.apk
文件大小 30.83MB
MD5值 034436636065b7568d867f7da1f0798a
SHA1值 bf3d69a41c8994741f44d1cfa833ee9ad69d8090
SHA256值 5fa6f459325f11d039641a1e6a03b087f5a713ce58b1b004fd03fae5f7343d50

APK信息

APK名称北京大学
包名 cn.edu.pku.PKUAndroid
主活动 cn.edu.pku.PKUAndroid.ui.splash.SplashV2Activity
安卓版本名称 2.1.9

域名线索 39 条

查看

URL线索 44 条

查看

邮箱线索 2 条

查看

手机号线索 6 条

查看

域名线索

域名	ip	地区
infoservice.pku.edu.cn	111.205.231.106	China - Beijing
vop.baidu.com	111.206.209.68	China - Beijing
aip.baidubce.com	111.206.210.12	China - Beijing
card.pku.edu.cn	111.205.231.29	China - Beijing
upl.baidu.com	110.242.68.241	China - Hebei
yanyuan.pku.edu.cn	162.105.131.197	China - Beijing
api.isignet.cn	60.205.85.33	China - Beijing
162.105.133.52	162.105.133.52	China - Beijing
service.isignet.cn	59.110.244.106	China - Beijing
vse.baidu.com	110.242.68.242	China - Hebei
wx.tenpay.com	220.196.148.65	China - Jiangsu
162.105.126.188	162.105.126.188	China - Beijing
iaaa.pku.edu.cn	111.205.231.71	China - Beijing
audiotest.baidu.com	180.101.49.122	China - Jiangsu
its.pku.edu.cn	162.105.129.65	China - Beijing
beian.miit.gov.cn	119.39.205.85	China - Hunan
brain.baidu.com	110.242.69.34	China - Hebei
schemas.android.com	127.0.0.1	- - -
gong.isignet.cn	59.110.244.106	China - Beijing
github.com	127.0.0.1	- - -
developer.baidu.com	153.3.237.63	China - Jiangsu
openapi.alipay.com	110.76.18.202	China - Zhejiang
face.baidu.com	112.34.111.253	China - Beijing
cwsf.pku.edu.cn	111.205.231.106	China - Beijing
d.alipay.com	111.202.5.210	China - Beijing
api.megvii.com	101.201.33.41	China - Zhejiang
xiaobei.pku.edu.cn	162.105.209.22	China - Beijing
openapi.baidu.com	110.242.69.36	China - Hebei
android.asset	没有ip信息	没有地区信息
www.bjca.cn	59.110.244.106	China - Beijing
yuyin.baidu.com	153.3.237.166	China - Jiangsu
mclient.alipay.com	116.142.235.203	China - Beijing
news.pku.edu.cn	115.27.241.31	China - Beijing
10.138.32.176	10.138.32.176	- - -
www.pku.edu.cn	111.205.231.92	China - Beijing
162.105.133.65	162.105.133.65	China - Beijing
ai.baidu.com	110.242.69.34	China - Hebei
bdcard.pku.edu.cn	162.105.120.171	China - Beijing
wxsp.pku.edu.cn	111.205.231.106	China - Beijing

URL线索

URL信息	Url所在文件
https://xiaobei.pku.edu.cn	cn/edu/pku/PKUAndroid/base/http/HttpAssistantConstant.java
https://its.pku.edu.cn/pku_gateway_apps/	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://wxsp.pku.edu.cn/portal2017/appSSOLogin2ByOtpCode.do	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://wxsp.pku.edu.cn/portal2017/appSSOLogin2.do	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://wxsp.pku.edu.cn/portal2017/util/portletRedir.do	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://aip.baidubce.com/	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
http://162.105.126.188:5005	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://infoservice.pku.edu.cn	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://its.pku.edu.cn	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
http://162.105.133.65:10006/	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://wxsp.pku.edu.cn/portal2017/wechatSSOLogin.do	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://wxsp.pku.edu.cn	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
http://162.105.133.52:8080/portal2017/	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://iaaa.pku.edu.cn/iaaa/oauth.jsp	cn/edu/pku/PKUAndroid/base/http/HttpConstant.java
https://beian.miit.gov.cn/	cn/edu/pku/PKUAndroid/ui/main/fragment/mine/about/AboutActivity.java
https://xiaobei.pku.edu.cn/api/api_chat_playground	cn/edu/pku/PKUAndroid/ui/assistant/fragment/AssistantChatPresenter.java
https://yanyuan.pku.edu.cn	cn/edu/pku/PKUAndroid/ui/web/WebViewV2Fragment.java
https://bdcard.pku.edu.cn	cn/edu/pku/PKUAndroid/ui/web/WebViewV2Fragment.java
https://cwsf.pku.edu.cn	cn/edu/pku/PKUAndroid/ui/web/WebViewV2Fragment.java
https://cwsf.pku.edu.cn/MNetWorkUI/paysuccess.htm	cn/edu/pku/PKUAndroid/ui/web/WebViewV2Fragment.java
https://d.alipay.com	cn/edu/pku/PKUAndroid/ui/web/WebViewV2Fragment.java
https://wxsp.pku.edu.cn/portal2017/appSSOLogin2ByOtpCode.do?otpCode=	cn/edu/pku/PKUAndroid/ui/web/WebViewV2Fragment.java
https://wxsp.pku.edu.cn/portal2017/appSSOLogin2.do?moduleID=	cn/edu/pku/PKUAndroid/ui/web/WebViewV2Fragment.java
https://yanyuan.pku.edu.cn	cn/edu/pku/PKUAndroid/ui/web/WebViewV4Fragment.java
https://bdcard.pku.edu.cn	cn/edu/pku/PKUAndroid/ui/web/WebViewV4Fragment.java
https://cwsf.pku.edu.cn	cn/edu/pku/PKUAndroid/ui/web/WebViewV4Fragment.java
https://cwsf.pku.edu.cn/MNetWorkUI/paysuccess.htm	cn/edu/pku/PKUAndroid/ui/web/WebViewV4Fragment.java
https://d.alipay.com	cn/edu/pku/PKUAndroid/ui/web/WebViewV4Fragment.java
https://wxsp.pku.edu.cn/portal2017/appSSOLogin2ByOtpCode.do?otpCode=	cn/edu/pku/PKUAndroid/ui/web/WebViewV4Fragment.java
https://wxsp.pku.edu.cn/portal2017/appSSOLogin2.do?moduleID=	cn/edu/pku/PKUAndroid/ui/web/WebViewV4Fragment.java
https://card.pku.edu.cn	cn/edu/pku/PKUAndroid/ui/offline_pay/OfflinePayPresenter.java
https://openapi.alipay.com/gateway.do?	cn/edu/pku/PKUAndroid/ui/newweb/WebActivity.java
https://mclient.alipay.com/cashier/mobilepay.htm?	cn/edu/pku/PKUAndroid/ui/newweb/WebActivity.java
https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?	cn/edu/pku/PKUAndroid/ui/newweb/WebActivity.java
https://bdcard.pku.edu.cn/berserker-auth/cas/login/pku?targetUrl=https%3A%2F%2Fbdcard.pku.edu.cn%2Fberserker-base%2Fredirect%3FappId%3D7%26type%3Dapp%26loginFrom%3Dapp	cn/edu/pku/PKUAndroid/utils/UrlUtils.java
https://bdcard.pku.edu.cn/berserker-auth/cas/login/pku?targetUrl=https%3A%2F%2Fbdcard.pku.edu.cn%2Fberserker-base%2Fredirect%3Ftype%3Durl%26url%3Dhttps%253A%252F%252Fbdcard.pku.edu.cn%252Fplat%252FshouyeUser%26loginFrom%3Dapp	cn/edu/pku/PKUAndroid/utils/UrlUtils.java
https://bdcard.pku.edu.cn/berserker-auth/cas/login/pku?targetUrl=https%3A%2F%2Fbdcard.pku.edu.cn%2Fberserker-base%2Fredirect%3FappId%3D16%26type%3Dapp%26loginFrom%3Dapp	cn/edu/pku/PKUAndroid/utils/UrlUtils.java
https://its.pku.edu.cn/pku_gateway_apps/docs/App_Android_Privacy_Policy.html	cn/edu/pku/PKUAndroid/utils/UrlUtils.java
https://its.pku.edu.cn/pku_gateway_apps/docs/App_Android_User_Agreement.html	cn/edu/pku/PKUAndroid/utils/UrlUtils.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-accessLog.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-wwwpku.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
http://www.pku.edu.cn\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-life.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-gymIndex.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-freeclassroom.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-leadermailbox.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://www.pku.edu.cn/leader_email.html\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-pkuMap.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://www.pku.edu.cn/visit.html	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-schoolCalendar.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://www.pku.edu.cn/campus.html	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-pkunews.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
http://news.pku.edu.cn/\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-parkinglot.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-yunkt.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
https://wxsp.pku.edu.cn/portal2017/img/biz-icon-canteen.png\	cn/edu/pku/PKUAndroid/utils/TestAccountFakeData.java
http://thirdAppJump?	cn/edu/pku/PKUAndroid/common/manager/OpenActivityManager.java
https://gong.isignet.cn/MSSPFileServer/agreement.json	cn/org/bjca/amiibo/f/b.java
https://www.bjca.cn	cn/org/bjca/anysign/android/api/core/domain/ProtocolText.java
http://schemas.android.com/apk/res/bjca	cn/org/bjca/anysign/android/api/core/UI/j.java
http://schemas.android.com/apk/res/bjca	cn/org/bjca/anysign/core/UI/BJCAAnySignCmd526TouchViewForApi.java
https://api.megvii.com	cn/org/bjca/faceidlivecheck/LiveActivity.java
https://service.isignet.cn/private/agreement.html	cn/org/bjca/identifycore/b/b.java
https://service.isignet.cn/private/agreementBiometric.html	cn/org/bjca/identifycore/b/b.java
https://api.isignet.cn	cn/org/bjca/identifycore/c/f.java
http://10.138.32.176:8518/api/v3/person/verify_sec?appid=7758258	com/baidu/idl/face/platform/ui/utils/SecRequest.java
http://face.baidu.com/openapi/v2/stat/sdkdata	com/baidu/idl/face/platform/network/LogRequest.java
http://face.baidu.com/gate/api/userverifydemo	com/baidu/idl/face/platform/network/NoMotionRequest.java
https://brain.baidu.com/record/api	com/baidu/idl/face/platform/stat/Ast.java
https://ai.baidu.com/activation/key/activate	com/baidu/idl/main/facesdk/FaceAuth.java
http://brain.baidu.com/record/api	com/baidu/idl/main/facesdk/statistic/PostDeviceInfo.java
http://schemas.android.com/apk/res/android	com/baidu/liantian/g/d.java
https://vse.baidu.com/v2	com/baidu/speech/asr/SpeechConstant.java
https://vse.baidu.com/echo.fcgi	com/baidu/speech/asr/SpeechConstant.java
https://upl.baidu.com//words/add	com/baidu/speech/asr/SlotControl.java
https://audiotest.baidu.com/auth/	com/baidu/speech/utils/auth/UrlEnum.java
https://yuyin.baidu.com/voice?osname=voiceopen&action=usereventflow&	com/baidu/speech/utils/analysis/Analysis.java
https://vop.baidu.com/v2	com/baidu/speech/core/ASREngine.java
https://ai.baidu.com/activation/key/activate	com/baidu/vis/unified/license/BDLicenseActivator.java
http://developer.baidu.com/static/community/servers/voice/sdk.html	com/baidu/voicerecognition/android/ui/BaiduASRDigitalDialog.java
https://openapi.baidu.com/oauth/2.0/token?client_id=	com/baidu/aip/asrwakeup3/core/mini/AutoCheck.java
https://ai.baidu.com/unit/home	com/baidu/aip/asrwakeup3/core/mini/ActivityMiniUnit.java
https://android.asset/	io/noties/markwon/image/destination/ImageDestinationProcessorAssets.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Completable.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Single.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Maybe.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Observable.java
https://github.com/ReactiveX/RxJava/wiki/Plugins	io/reactivex/Flowable.java
https://github.com/ReactiveX/RxJava/wiki/Error-Handling	io/reactivex/exceptions/OnErrorNotImplementedException.java
https://github.com/ReactiveX/RxJava/wiki/What's-different-in-2.0	io/reactivex/exceptions/UndeliverableException.java
http://localhost/	retrofit2/Response.java
http://162.105.133.65:10006/MSSPServer/	摸瓜V2引擎
http://162.105.133.65:10006	摸瓜V2引擎

邮箱线索

邮箱地址	所在文件
您可以发送电子邮件至service@bjca.org	cn/org/bjca/anysign/android/api/core/domain/ProtocolText.java
请通过发送邮件至邮箱service@bjca.org	cn/org/bjca/anysign/android/api/core/domain/ProtocolText.java
its@pku.edu	摸瓜V1引擎

手机线索

手机号	所在文件
15095675534	cn/org/bjca/gaia/asn1/ua/DSTU4145NamedCurves.java
13641146433	cn/org/bjca/gaia/crypto/agreement/DHStandardGroups.java
13641146433	cn/org/bjca/gaia/crypto/tls/TlsDHUtils.java
19634136210	cn/org/bjca/gaia/math/ec/custom/sec/SecT163Field.java
17179869184	cn/org/bjca/gaia/pqc/math/linearalgebra/GF2nONBElement.java
17179869183	cn/org/bjca/gaia/pqc/math/linearalgebra/GF2nONBElement.java
13000000000	com/baidu/idl/face/platform/ui/utils/SecRequest.java

代码反编译

AndroidManifest配置查看

Java源代码查看 -- 下载

APK文件会员可下载

签名证书

APK已签名
v1 签名: True
v2 签名: True
v3 签名: False
找到 1 个唯一证书
主题: C=CN, ST=Beijing, L=Peking, O=Peking University, OU=Computer Center, CN=CC PKU
签名算法: rsassa_pkcs1v15
有效期自: 2016-06-01 01:31:40+00:00
有效期至: 2041-05-26 01:31:40+00:00
发行人: C=CN, ST=Beijing, L=Peking, O=Peking University, OU=Computer Center, CN=CC PKU
序列号: 0x756bdd7d
哈希算法: sha256
md5值: 988563bc26fe85b75b248dca516228d4
sha1值: a95c99053485ccd041e4ba385a1800273d2e3245
sha256值: 6d2e9f537f837bda26a53ca09e11a1ce3fec5d43e4e925b8ff63beccc9d34f8f
sha512值: dbf573d8c27e81db726e656ecd0837820b9d671b4f8057c658cdcea6269782289ae20a36baad6d99d8b215784106ed09d8e87953b15baef2db5eb55ddbe53be4
公钥算法: rsa
密钥长度: 2048
指纹: 6e7aef5d5dee94565d7bff473b87416f4692c5a533a472398614c04dd836d89f

硬编码敏感信息

"input_pay_pwd" : "请输入支付密码，以验证身份"
"input_pwd_again" : "请再次填写以确认"
"input_six_pwd" : "请设置6位数字的手机支付密码"
"modify_pay_pwd" : "修改支付密码"
"pay_no_pwd_limit" : "免密金额"
"pwd_not_equal" : "两次密码输入不一致，请重新输入"
"pwd_verify_failed" : "密码验证失败，请重新输入"
"reset_pwd_failed" : "重置密码失败"
"reset_pwd_success" : "重置密码成功"
"set_pay_pwd" : "设置支付密码"
"six_pwd_pls" : "请输入6位密码"
"verify_pay_pwd" : "验证支付密码"

加壳分析

会员可查看

第三方插件

会员可查看

危险动作

向手机申请的权限	是否危险	类型	详细情况
android.permission.INTERNET	正常	互联网接入	允许应用程序创建网络套接字
android.permission.ACCESS_NETWORK_STATE	正常	查看网络状态	允许应用程序查看所有网络的状态
android.permission.ACCESS_WIFI_STATE	正常	查看Wi-Fi状态	允许应用程序查看有关 Wi-Fi 状态的信息
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储
android.permission.READ_EXTERNAL_STORAGE	危险	读取外部存储器内容	允许应用程序从外部存储读取
android.permission.CAMERA	危险	拍照和录像	允许应用程序用相机拍照和录像。这允许应用程序收集相机随时看到的图像
android.permission.RECORD_AUDIO	危险	录音	允许应用程序访问音频记录路径
android.permission.READ_PHONE_STATE	危险	读取电话状态和身份	允许应用访问设备的电话功能。具有此权限的应用程序可以确定此电话的电话号码和序列号,呼叫是否处于活动状态,呼叫所连接的号码等
android.permission.CHANGE_WIFI_STATE	正常	更改Wi-Fi状态	允许应用程序连接和断开 Wi-Fi 接入点,并对配置的 Wi-Fi 网络进行更改
android.permission.WAKE_LOCK	正常	防止手机睡眠	允许应用程序防止手机进入睡眠状态
android.permission.USE_FINGERPRINT	正常	allow use of指纹	该常量在 API 级别 28 中已被弃用。应用程序应改为请求 USE_BIOMETRIC
android.permission.USE_BIOMETRIC	正常		允许应用使用设备支持的生物识别模式。
android.permission.SYSTEM_ALERT_WINDOW	危险	显示系统级警报	允许应用程序显示系统警报窗口。恶意应用程序可以接管手机的整个屏幕
android.permission.NFC	正常	控制近场通信	允许应用程序与近场通信 (NFC) 标签,卡和读卡器进行通信
android.permission.VIBRATE	正常	可控震源	允许应用程序控制振动器
android.permission.BROADCAST_STICKY	正常	发送粘性广播	允许应用程序发送粘性广播,在广播结束后保留。恶意应用程序会导致手机使用过多内存,从而使手机运行缓慢或不稳定
android.permission.BLUETOOTH	正常	创建蓝牙连接	允许应用程序连接到配对的蓝牙设备
android.permission.MODIFY_AUDIO_SETTINGS	正常	更改您的音频设置	允许应用程序修改全局音频设置,例如音量和路由
android.permission.BLUETOOTH_ADMIN	正常	蓝牙管理	允许应用程序发现和配对蓝牙设备。
android.permission.READ_MEDIA_VISUAL_USER_SELECTED	未知		调用了未知的操作
android.permission.READ_MEDIA_IMAGES	未知		调用了未知的操作
android.permission.READ_MEDIA_VIDEO	未知		调用了未知的操作
android.permission.READ_MEDIA_AUDIO	未知		调用了未知的操作
android.permission.FLASHLIGHT	正常	控制手电筒	允许应用程序控制手电筒