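Security Analysis of Mini Program Local Code
First published: 2020-06-22
Abstract: This paper analyzes the security of mini program local code in light of the rapid growth of mini programs. The analysis mainly decompiles mini program packages to test the security of their source code. Testing shows that, for WeChat mini programs, currently the fastest growing, an attacker who obtains a mini program's code package can decompile it and obtain the mini program's unobfuscated source code. This exposes the mini program's code to the attacker, who can use the source code to attack the mini program. After analyzing the local code security of current mainstream mini programs, this paper designs Tbox, a virtual-container-based encryption framework for mini program code files, which makes the source code files harder to obtain at the source and makes the mini program harder to decompile.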
The Security Analysis of Mini Program Native Code
Abstract: In this paper, we analyze the security of mini program native code in view of the rapid development of mini programs. This article mainly tests the security problems of mini program source code by decompiling mini program compressed packages. Testing shows that, for the fastest growing platform, WeChat mini programs, an attacker who gets the mini program code package can decompile it and obtain the unobfuscated source code of the mini program. This exposes the mini program code to the attacker, who can use the source code to attack the mini program. After analyzing the security of the local code of mainstream mini programs, we design Tbox, a mini program code file encryption framework based on virtual containers, to increase the difficulty of obtaining source code files at the source and the difficulty of decompiling the mini program.
Keywords: Computer Software; Mini Program; Mobile Security; Virtual Container; Static Analysis