Forensics Analysis of APK Encryption/Decryption Methods Based on NetEase Yunxin IM Framework
In investigations of telecommunication network fraud, especially click farming, investment and financial management fraud, and naked chat cases, forensic analysis of APPs and URLs is the focus of the network-side investigation. Because the APPs involved need functions such as chat, picture upload and voice calling, APPs built on an IM framework have become the mainstream, and NetEase Yunxin IM is the most common third-party IM framework in current fraud cases. However, as criminals increasingly conceal their methods, for example by encrypting the APP or encrypting chat content end-to-end, direct analysis cannot obtain the key values of the IM interface, or yields only encrypted, garbled data, so the chat content cannot be viewed. Based on such cases, this paper introduces the principle of the IM framework and the encryption techniques and decryption methods for APPs and chat content. In-depth reverse analysis and encryption algorithm analysis of this kind of APP can fully improve the efficiency of clue mining, investigation and evidence collection in individual fraud cases, providing strong support for the detection of related cases.
digital forensics; APK reverse; AES decryption; click farming fraud; NetEase Yunxin IM