insecurebankv2 - 안전하지 않은 로깅 메커니즘

Notice

Recent Posts

Recent Comments

Link

« 2024/10 »
일	월	화	수	목	금	토
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Tags more

Archives

Today

Total

관리 메뉴

외로운 Nova의 작업실

insecurebankv2 - 안전하지 않은 로깅 메커니즘 본문

Mobile App Penetesting/Android App Vulnerability

insecurebankv2 - 안전하지 않은 로깅 메커니즘

Nova_ 2023. 5. 20. 17:59

- 취약점 소개

로그는 서비스가 정상작동 하지않을때 고치기위해서 디버깅의 정보로 사용되는 중요한 정보입니다. 하지만, 사용자의 개인정보나 비밀정보를 로깅해버리면, 공격자가 로그를 보고 개인정보를 탈취할 수 있습니다. adb를 통해 로그를 확인할 수 있으며, 안드로이드 커널은 로그와 관련된 4가지 버퍼를 관리하고 있습니다. 그 종류와 특징은 아래와 같습니다.

Main : 메인 앱 로그로서 앱이나 플랫폼 내부에서 android.util.Log 클래스로 기록된 로그
Event : 시스템에서 발생하는 이벤트 정보를 위한 로그
Radio : 이동통신망과 관련된 이벤트 정보
system : 안드로이드 플랫폼 내부의 하위 레벨에 있는 시스템이나 디버깅을 위한 로그

- 취약점 진단

<로그인 로그>

먼저, 로그인시 로그인 계정이 남는지 로그파일을 확인해보겠습니다. 아래 명령어로 이전에 저장된 로그파일을 없애줍니다.

adb shell
logcat -c

이후 애뮬레이터로 로그인한 다음 로그 파일을 호스트 컴퓨터에 저장해줍니다.

adb -e shell logcat > loginLog.txt

로그 파일을 보겠습니다.

--------- beginning of main
05-20 17:28:25.245 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:28:25.245  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:28:25.246  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step117
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:28:25.246  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:28:25.494 13826 13826 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:28:25.708 13826 13826 D AndroidRuntime: CheckJNI is OFF
05-20 17:28:25.748 13826 13826 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:28:25.754 13826 13826 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:28:25.759 13826 13826 D         : houdini no need remount
05-20 17:28:25.768 13826 13826 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:28:25.768 13826 13826 E android.os.Debug: failed to load memtrack module: -2
05-20 17:28:25.768 13826 13826 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:28:25.776 13826 13826 D AndroidRuntime: Calling main entry com.android.commands.settings.SettingsCmd
05-20 17:28:25.778 13826 13826 D AndroidRuntime: Shutting down VM
--------- beginning of system
05-20 17:28:31.650  2135  2361 I ActivityManager: START u0 {cmp=com.android.insecurebankv2/.DoLogin (has extras)} from uid 10050 on display 0
05-20 17:28:31.655  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(40)
05-20 17:28:31.669  2135  2530 W InputMethodManagerService: Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@b4beca2 attribute=null, token = android.os.BinderProxy@fb9bdd2
05-20 17:28:31.676 11577 13835 D Successful Login:: , account=jack:Jack@123$
05-20 17:28:31.680  2135 12580 I ActivityManager: START u0 {cmp=com.android.insecurebankv2/.PostLogin (has extras)} from uid 10050 on display 0
05-20 17:28:31.681  2135 12580 W ActivityManager: startActivity called from finishing ActivityRecord{8339516 u0 com.android.insecurebankv2/.DoLogin t11 f}; forcing Intent.FLAG_ACTIVITY_NEW_TASK for: Intent { cmp=com.android.insecurebankv2/.PostLogin (has extras) }
05-20 17:28:31.765 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:28:31.765 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:28:31.769  2135  2155 I ActivityManager: Displayed com.android.insecurebankv2/.PostLogin: +84ms (total +115ms)
05-20 17:28:31.969 13840 13840 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:28:32.188 13840 13840 D AndroidRuntime: CheckJNI is OFF
05-20 17:28:32.230 13840 13840 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:28:32.236 13840 13840 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:28:32.241 13840 13840 D         : houdini no need remount
05-20 17:28:32.250 13840 13840 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:28:32.250 13840 13840 E android.os.Debug: failed to load memtrack module: -2
05-20 17:28:32.251 13840 13840 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:28:32.259 13840 13840 D AndroidRuntime: Calling main entry com.android.commands.am.Am
05-20 17:28:32.261 13840 13840 D AndroidRuntime: Shutting down VM
05-20 17:28:32.512  1825  1825 E NOX     : recv() error
05-20 17:28:32.512  1825  1825 D NOX     : Socket read error
05-20 17:28:32.667 13851 13851 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:28:32.882 13851 13851 D AndroidRuntime: CheckJNI is OFF
05-20 17:28:32.923 13851 13851 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:28:32.929 13851 13851 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:28:32.935 13851 13851 D         : houdini no need remount
05-20 17:28:32.943 13851 13851 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:28:32.943 13851 13851 E android.os.Debug: failed to load memtrack module: -2
05-20 17:28:32.943 13851 13851 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:28:32.950 13851 13851 D AndroidRuntime: Calling main entry com.android.commands.am.Am
05-20 17:28:32.953 13851 13851 D AndroidRuntime: Shutting down VM

로그인 정보가 담긴 로그가 아래에 있습니다.

05-20 17:28:31.676 11577 13835 D Successful Login:: , account=jack:Jack@123$

아이디는 jack이고 비밀번호는 Jack@123$인것을 확인할 수 있습니다.

<비밀번호 변경 로그>

이번에는 비밀번호 변경로그를 봐보겠습니다. 로그를 지워준후에 비밀번호를 변경하고 로그를 호스트 시스템에 저장합니다.

adb -e shell logcat > changepasswordLog.txt

--------- beginning of main
05-20 17:29:22.003  2135  2186 W WifiMode: WiredSSID, Invalid SupportedRates!!!
05-20 17:29:22.008  2135  2184 W WifiMode: WiredSSID, Invalid SupportedRates!!!
05-20 17:29:22.009  2135  2184 W WifiMode: WiredSSID, Invalid SupportedRates!!!
--------- beginning of system
05-20 17:29:24.192  2135  7574 I ActivityManager: START u0 {cmp=com.android.insecurebankv2/.ChangePassword (has extras)} from uid 10050 on display 0
05-20 17:29:24.197  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(33)
05-20 17:29:24.206 11577 11577 I System.out: newpassword=jack
05-20 17:29:24.251  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:29:24.253  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step117
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:29:24.253  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:29:24.255  2135  2155 I ActivityManager: Displayed com.android.insecurebankv2/.ChangePassword: +59ms
05-20 17:29:24.496 13873 13873 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:29:24.711 13873 13873 D AndroidRuntime: CheckJNI is OFF
05-20 17:29:24.750 13873 13873 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:29:24.757 13873 13873 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:29:24.763 13873 13873 D         : houdini no need remount
05-20 17:29:24.771 13873 13873 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:29:24.771 13873 13873 E android.os.Debug: failed to load memtrack module: -2
05-20 17:29:24.772 13873 13873 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:29:24.779 13873 13873 D AndroidRuntime: Calling main entry com.android.commands.am.Am
05-20 17:29:24.782 13873 13873 D AndroidRuntime: Shutting down VM
05-20 17:29:25.150 13883 13883 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:29:25.367 13883 13883 D AndroidRuntime: CheckJNI is OFF
05-20 17:29:25.401 13883 13883 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:29:25.408 13883 13883 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:29:25.412 13883 13883 D         : houdini no need remount
05-20 17:29:25.421 13883 13883 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:29:25.421 13883 13883 E android.os.Debug: failed to load memtrack module: -2
05-20 17:29:25.422 13883 13883 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:29:25.428 13883 13883 D AndroidRuntime: Calling main entry com.android.commands.settings.SettingsCmd
05-20 17:29:25.430 13883 13883 D AndroidRuntime: Shutting down VM
05-20 17:29:27.347  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:29:27.348  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:29:33.746  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(31)
05-20 17:29:37.254  2135  2135 W WindowManager: Attempted to remove non-existing token: android.os.Binder@3bd6113
05-20 17:29:38.658  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:29:38.658  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:30:02.065  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(31)
05-20 17:30:05.569  2135  2135 W WindowManager: Attempted to remove non-existing token: android.os.Binder@90c4926
05-20 17:30:17.895  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(30)
05-20 17:30:17.915  2283  2297 E PhoneInterfaceManager: [PhoneIntfMgr] getIccId: No UICC
05-20 17:30:17.916 11577 11577 I System.out: phonno:+8201010025538
05-20 17:30:17.920 11577 11577 I System.out: For the changepassword - phonenumber: +8201010025538 password is: Updated Password from: Jack@123$ to: Nova@123$
05-20 17:30:21.420  2135  2135 W WindowManager: Attempted to remove non-existing token: android.os.Binder@e8022b9
05-20 17:30:35.779  2839  3021 I nightwatch-target: monitor resources last 600 iteration: 300992 msec

비밀번호 변경 로그가 있습니다.

05-20 17:30:17.920 11577 11577 I System.out: For the changepassword - phonenumber: +8201010025538 password is: Updated Password from: Jack@123$ to: Nova@123$

Jack@123$에서 Nova@123$으로 변경된 것을 확인할 수 있습니다.

<계좌이체 로그>

이번에는 계좌이체 로그를 보겠습니다. 아까와 동일하게 로그를 지워주고 계좌이체를 한후 로그를 호스트 컴퓨터에 저장해줍니다.

adb -e shell logcat > transferLog.txt

파일을 보겠습니다.

--------- beginning of main
05-20 17:31:07.678 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:31:07.929 13912 13912 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:31:08.142 13912 13912 D AndroidRuntime: CheckJNI is OFF
05-20 17:31:08.185 13912 13912 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:31:08.192 13912 13912 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:31:08.198 13912 13912 D         : houdini no need remount
05-20 17:31:08.207 13912 13912 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:31:08.207 13912 13912 E android.os.Debug: failed to load memtrack module: -2
05-20 17:31:08.208 13912 13912 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:31:08.215 13912 13912 D AndroidRuntime: Calling main entry com.android.commands.am.Am
05-20 17:31:08.217 13912 13912 D AndroidRuntime: Shutting down VM
--------- beginning of system
05-20 17:31:13.180  2135  2354 I ActivityManager: START u0 {cmp=com.android.insecurebankv2/.DoTransfer} from uid 10050 on display 0
05-20 17:31:13.183  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(34)
05-20 17:31:13.251  2135  2155 I ActivityManager: Displayed com.android.insecurebankv2/.DoTransfer: +67ms
05-20 17:31:13.263  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:13.264  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:13.264  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:13.558 13925 13925 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:31:13.776 13925 13925 D AndroidRuntime: CheckJNI is OFF
05-20 17:31:13.814 13925 13925 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:31:13.819 13925 13925 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:31:13.823 13925 13925 D         : houdini no need remount
05-20 17:31:13.831 13925 13925 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:31:13.831 13925 13925 E android.os.Debug: failed to load memtrack module: -2
05-20 17:31:13.832 13925 13925 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:31:13.839 13925 13925 D AndroidRuntime: Calling main entry com.android.commands.am.Am
05-20 17:31:13.842 13925 13925 D AndroidRuntime: Shutting down VM
05-20 17:31:14.092  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:14.092  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:14.204 13935 13935 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<
05-20 17:31:14.424 13935 13935 D AndroidRuntime: CheckJNI is OFF
05-20 17:31:14.462 13935 13935 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
05-20 17:31:14.468 13935 13935 W art     : Unexpected CPU variant for X86 using defaults: x86
05-20 17:31:14.472 13935 13935 D         : houdini no need remount
05-20 17:31:14.481 13935 13935 E memtrack: Couldn't load memtrack module (No such file or directory)
05-20 17:31:14.481 13935 13935 E android.os.Debug: failed to load memtrack module: -2
05-20 17:31:14.482 13935 13935 I Radio-JNI: register_android_hardware_Radio DONE
05-20 17:31:14.488 13935 13935 D AndroidRuntime: Calling main entry com.android.commands.settings.SettingsCmd
05-20 17:31:14.502 13935 13935 D AndroidRuntime: Shutting down VM
05-20 17:31:18.610 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:18.610  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:18.611  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:18.611  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:18.612  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:18.612  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:21.775  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(33)
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:21.793  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:21.795  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:21.796  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:27.949  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(42)
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:27.960  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:27.961  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:27.961  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:29.710 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:29.710  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:29.711  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:29.711  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:29.712  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:29.712  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:32.576 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:32.576  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:32.577  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:32.577  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:32.578  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:32.578  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:36.317  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(38)
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:36.344  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:36.345  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:36.345  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:49.877 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:49.877  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:49.879  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:49.879  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:49.880  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:49.880  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:50.122  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:50.122  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:53.144 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:53.144  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:53.145  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:53.145  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:53.146  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:53.146  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:55.292 11577 11577 W IInputConnectionWrapper: finishComposingText on inactive InputConnection
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step117
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.netease.eve.en
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.gm99.ylcs
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2jp.ghost.romance
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.gameone.meow
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.ykhw.sgsmjz
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.kudou.fengshen
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.ss.android.auto
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.wb.goog.mkx
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.ulugame.arkajp.google
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.xlegend.dragonsoul.jp
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.maetimes.android.pokekara
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.wemadesvc.icarusm
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.eskyfun.sgsmjzgp
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.aceclub.tw
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2vn.efun.jx1
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.global.musvn
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2vn.vltk.htvl
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.global.gloryvn
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.xlegend.grandfantasia.jp
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.azuragame.oop
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.xlegend.arthurlegend.tw
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.honorofheir.global
05-20 17:31:55.293  2871  2871 E inputservice: isForceShowInput step2com.xlegend.honorofheirs.jp
05-20 17:31:55.294  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:55.294  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:55.295  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:55.295  2871  2871 V InputMethodService: onEvaluateInputViewShown: config.hardKeyboardHidden = 2
05-20 17:31:59.932  1836  1894 D AudioFlinger: mixer(0xd6183f80) throttle end: throttle time(36)
05-20 17:31:59.949 11577 11577 I System.out: Message:Failure From:66666666 To:99999999 Amount:3333
05-20 17:32:02.000  2135  2186 W WifiMode: WiredSSID, Invalid SupportedRates!!!
05-20 17:32:02.000  2135  2184 W WifiMode: WiredSSID, Invalid SupportedRates!!!
05-20 17:32:02.001  2135  2184 W WifiMode: WiredSSID, Invalid SupportedRates!!!
05-20 17:32:03.451  2135  2135 W WindowManager: Attempted to remove non-existing token: android.os.Binder@f44f0e3

05-20 17:31:59.949 11577 11577 I System.out: Message:Failure From:66666666 To:99999999 Amount:3333

66666666계좌에서 99999999 계좌로 3333원이 전송되었음을 알수 있습니다.

- 취약점 대응 방안

<로그인 로그 없애기>

먼저 첫번째 로그인 로그를 보게되면

05-20 17:28:31.676 11577 13835 D Successful Login:: , account=jack:Jack@123$

위와 같습니다. "D Successful ~" 형태로 로깅이되며 이는 Log.d()함수를 사용해서 로깅하는 것입니다. 따라서 Logd()함수를 없애주면됩니다. 실제 코드를 보겠습니다. RequestTask.class 파일을 보게되면,

package com.android.insecurebankv2;

import android.content.Intent;
import android.content.SharedPreferences;
import android.os.AsyncTask;
import android.util.Base64;
import android.util.Log;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONException;

class DoLogin$RequestTask extends AsyncTask {
   final DoLogin this$0;

   DoLogin$RequestTask(DoLogin var1) {
      this.this$0 = var1;
   }

   private String convertStreamToString(InputStream var1) throws IOException {
      try {
         DoLogin var2 = this.this$0;
         InputStreamReader var3 = new InputStreamReader(var1, "UTF-8");
         BufferedReader var4 = new BufferedReader(var3);
         var2.reader = var4;
      } catch (UnsupportedEncodingException var5) {
         var5.printStackTrace();
      }

      StringBuilder var6 = new StringBuilder();

      while(true) {
         String var7 = this.this$0.reader.readLine();
         if (var7 == null) {
            var1.close();
            return var6.toString();
         }

         var6.append(var7 + "\n");
      }
   }

   private void saveCreds(String var1, String var2) throws UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
      SharedPreferences.Editor var3 = this.this$0.getSharedPreferences("mySharedPreferences", 0).edit();
      this.this$0.rememberme_username = var1;
      this.this$0.rememberme_password = var2;
      var1 = new String(Base64.encodeToString(this.this$0.rememberme_username.getBytes(), 4));
      CryptoClass var4 = new CryptoClass();
      this.this$0.superSecurePassword = var4.aesEncryptedString(this.this$0.rememberme_password);
      var3.putString("EncryptedUsername", var1);
      var3.putString("superSecurePassword", this.this$0.superSecurePassword);
      var3.commit();
   }

   private void trackUserLogins() {
      this.this$0.runOnUiThread(new DoLogin.RequestTask.1(this));
   }

   protected String doInBackground(String... var1) {
      Object var10;
      try {
         this.postData(var1[0]);
         return null;
      } catch (InvalidKeyException var2) {
         var10 = var2;
      } catch (NoSuchAlgorithmException var3) {
         var10 = var3;
      } catch (NoSuchPaddingException var4) {
         var10 = var4;
      } catch (InvalidAlgorithmParameterException var5) {
         var10 = var5;
      } catch (IllegalBlockSizeException var6) {
         var10 = var6;
      } catch (BadPaddingException var7) {
         var10 = var7;
      } catch (IOException var8) {
         var10 = var8;
      } catch (JSONException var9) {
         var10 = var9;
      }

      ((Exception)var10).printStackTrace();
      return null;
   }

   protected void onPostExecute(Double var1) {
   }

   protected void onProgressUpdate(Integer... var1) {
   }

   public void postData(String var1) throws ClientProtocolException, IOException, JSONException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
      DefaultHttpClient var3 = new DefaultHttpClient();
      HttpPost var2 = new HttpPost(this.this$0.protocol + this.this$0.serverip + ":" + this.this$0.serverport + "/login");
      HttpPost var5 = new HttpPost(this.this$0.protocol + this.this$0.serverip + ":" + this.this$0.serverport + "/devlogin");
      ArrayList var4 = new ArrayList(2);
      var4.add(new BasicNameValuePair("username", this.this$0.username));
      var4.add(new BasicNameValuePair("password", this.this$0.password));
      HttpResponse var6;
      if (this.this$0.username.equals("devadmin")) {
         var5.setEntity(new UrlEncodedFormEntity(var4));
         var6 = var3.execute(var5);
      } else {
         var2.setEntity(new UrlEncodedFormEntity(var4));
         var6 = var3.execute(var2);
      }

      InputStream var7 = var6.getEntity().getContent();
      this.this$0.result = this.convertStreamToString(var7);
      this.this$0.result = this.this$0.result.replace("\n", "");
      if (this.this$0.result != null) {
         Intent var8;
         if (this.this$0.result.indexOf("Correct Credentials") != -1) {
            Log.d("Successful Login:", ", account=" + this.this$0.username + ":" + this.this$0.password);
            this.saveCreds(this.this$0.username, this.this$0.password);
            this.trackUserLogins();
            var8 = new Intent(this.this$0.getApplicationContext(), PostLogin.class);
            var8.putExtra("uname", this.this$0.username);
            this.this$0.startActivity(var8);
         } else {
            var8 = new Intent(this.this$0.getApplicationContext(), WrongLogin.class);
            this.this$0.startActivity(var8);
         }
      }

   }
}

가운데 쯤에 Log.d()함수가 있습니다.

Log.d("Successful Login:", ", account=" + this.this$0.username + ":" + this.this$0.password);

이 함수를 제거해주면 됩니다.

<패스워드 변경 로그>

패스워드 변경 로그를 봐보겠습니다.

05-20 17:30:17.920 11577 11577 I System.out: For the changepassword - phonenumber: +8201010025538 password is: Updated Password from: Jack@123$ to: Nova@123$

로그의 형태를 보면 "I System.out ~ " 형태로 되어있습니다. 이는 system.out 함수에의해 발생했음을 알 수 있습니다. changepassword 관련 코드에서 system.out()함수를 찾아보겠습니다.

package com.android.insecurebankv2;

import android.content.Context;
import android.telephony.TelephonyManager;
import android.widget.Toast;
import java.io.PrintStream;
import org.json.JSONException;
import org.json.JSONObject;

class ChangePassword$RequestChangePasswordTask$1 implements Runnable {
   final ChangePassword.RequestChangePasswordTask this$1;

   ChangePassword$RequestChangePasswordTask$1(ChangePassword.RequestChangePasswordTask var1) {
      this.this$1 = var1;
   }

   public void run() {
      if (this.this$1.this$0.result != null && this.this$1.this$0.result.indexOf("Change Password Successful") != -1) {
         try {
            JSONObject var1 = new JSONObject(this.this$1.this$0.result);
            String var3 = var1.getString("message");
            Context var5 = this.this$1.this$0.getApplicationContext();
            StringBuilder var2 = new StringBuilder();
            Toast.makeText(var5, var2.append(var3).append(". Restart application to Continue.").toString(), 1).show();
            var3 = ((TelephonyManager)this.this$1.this$0.getApplicationContext().getSystemService("phone")).getLine1Number();
            PrintStream var6 = System.out;
            var2 = new StringBuilder();
            var6.println(var2.append("phonno:").append(var3).toString());
            ChangePassword.access$200(this.this$1.this$0, var3, this.this$1.this$0.changePassword_text.getText().toString());
         } catch (JSONException var4) {
            var4.printStackTrace();
         }
      }

   }
}

위코드중에서

var3 = ((TelephonyManager)this.this$1.this$0.getApplicationContext().getSystemService("phone")).getLine1Number();
            PrintStream var6 = System.out;
            var2 = new StringBuilder();
            var6.println(var2.append("phonno:").append(var3).toString());

이부분이 로그와 많이 유사한 형태를 띄고 있습니다. 따라서 이부분을 없애줘야합니다.

<계좌이체 로그>

계좌이체 로그를 한번 봐보겠습니다.

05-20 17:31:59.949 11577 11577 I System.out: Message:Failure From:66666666 To:99999999 Amount:3333

이것도 System.out()함수입니다. 한번 찾아보겠습니다.

package com.android.insecurebankv2;

import android.os.Environment;
import android.widget.Toast;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintStream;
import org.json.JSONException;
import org.json.JSONObject;

class DoTransfer$RequestDoTransferTask$1 implements Runnable {
   final DoTransfer.RequestDoTransferTask this$1;

   DoTransfer$RequestDoTransferTask$1(DoTransfer.RequestDoTransferTask var1) {
      this.this$1 = var1;
   }

   public void run() {
      this.this$1.AsyncHttpTransferPost("result");
      if (this.this$1.this$0.result != null) {
         String var3;
         if (this.this$1.this$0.result.indexOf("Success") != -1) {
            Toast.makeText(this.this$1.this$0.getApplicationContext(), "Transfer Successful", 1).show();

            try {
               DoTransfer var2 = this.this$1.this$0;
               JSONObject var1 = new JSONObject(this.this$1.this$0.result);
               var2.jsonObject = var1;
               this.this$1.this$0.acc1 = this.this$1.this$0.jsonObject.getString("from");
               this.this$1.this$0.acc2 = this.this$1.this$0.jsonObject.getString("to");
               PrintStream var11 = System.out;
               StringBuilder var8 = new StringBuilder();
               var11.println(var8.append("Message:").append(this.this$1.this$0.jsonObject.getString("message")).append(" From:").append(this.this$1.this$0.from.getText().toString()).append(" To:").append(this.this$1.this$0.to.getText().toString()).append(" Amount:").append(this.this$1.this$0.amount.getText().toString()).toString());
               StringBuilder var12 = new StringBuilder();
               String var9 = new String(var12.append("\nMessage:Success From:").append(this.this$1.this$0.from.getText().toString()).append(" To:").append(this.this$1.this$0.to.getText().toString()).append(" Amount:").append(this.this$1.this$0.amount.getText().toString()).append("\n").toString());

               try {
                  var12 = new StringBuilder();
                  var3 = var12.append(Environment.getExternalStorageDirectory()).append("/Statements_").append(this.this$1.this$0.usernameBase64ByteString).append(".html").toString();
                  FileWriter var4 = new FileWriter(var3, true);
                  BufferedWriter var13 = new BufferedWriter(var4);
                  var13.write(var9);
                  var13.write("<hr>");
                  var13.close();
               } catch (IOException var6) {
                  var6.toString();
               }
            } catch (JSONException var7) {
               var7.printStackTrace();
            }
         } else {
            Toast.makeText(this.this$1.this$0.getApplicationContext(), "Transfer Failed", 1).show();
            System.out.println("Message:Failure From:" + this.this$1.this$0.from.getText().toString() + " To:" + this.this$1.this$0.to.getText().toString() + " Amount:" + this.this$1.this$0.amount.getText().toString());
            var3 = new String("\nMessage:Failure From:" + this.this$1.this$0.from.getText().toString() + " To:" + this.this$1.this$0.to.getText().toString() + " Amount:" + this.this$1.this$0.amount.getText().toString() + "\n");
            String var15 = Environment.getExternalStorageDirectory() + "/Statements_" + this.this$1.this$0.usernameBase64ByteString + ".html";

            try {
               FileWriter var14 = new FileWriter(var15, true);
               BufferedWriter var10 = new BufferedWriter(var14);
               var10.write(var3);
               var10.write("<hr>");
               var10.close();
            } catch (IOException var5) {
               var5.toString();
            }
         }
      }

   }
}

위 코드중에서

System.out.println("Message:Failure From:" + this.this$1.this$0.from.getText().toString() + " To:" + this.this$1.this$0.to.getText().toString() + " Amount:" + this.this$1.this$0.amount.getText().toString());

가장 비슷한 형태의 코드가 있습니다. 이를 없애주면 됩니다.

'Mobile App Penetesting > Android App Vulnerability' 카테고리의 다른 글

insecurebankv2 - 애플리케이션 디버깅 기능 (0)	2023.05.22
insecurebankv2 - 안드로이드 키보드 캐시 이슈 (0)	2023.05.21
insecurebankv2 - 메모리내 민감한 정보 저장 (0)	2023.05.19
insecurebankv2 - 애플리케이션 패칭 (0)	2023.05.18
insecurebankv2 - 취약한 암호화 실행 (0)	2023.05.15

'Mobile App Penetesting/Android App Vulnerability' Related Articles

Comments

외로운 Nova의 작업실

insecurebankv2 - 안전하지 않은 로깅 메커니즘 본문

insecurebankv2 - 안전하지 않은 로깅 메커니즘

'Mobile App Penetesting > Android App Vulnerability' 카테고리의 다른 글

티스토리툴바