Reverse Engineering Tiktok's VM Obfuscation (Part 1)

Thu Dec 22 2022, authored by veritas

TikTok has a reputation for its aggressive data collection. In fact, an article published on 22 December 2022 uncovered how ByteDance spied on multiple Forbes journalists using TikTok. While some of the data they collect may seem benign, it can be used to build a detailed profile of each user. Information such as user location, device type, and various hardware metrics are combined to create a unique "fingerprint" that can potentially be used to track a user's activity on and off the app. This data may also be used to prevent their APIs from being utilized in automated scripts by ensuring that the data from the requests seem humanlike.

The platform has implemented various methods to make it difficult for reverse-engineers to understand exactly what data is being collected and how it is being used. Analyzing the call stack of a request made on tiktok.com can begin to paint the picture for us. Let's start by doing a search for the term "food". Upon pressing enter, TikTok sends off a GET request with our search term and some extra telemetry embedded.

curl -G \
  -d 'aid=1988' \
  -d 'app_language=en' \
  -d 'app_name=tiktok_web' \
  -d 'battery_info=1' \
  -d 'browser_language=en-US' \
  -d 'browser_name=Mozilla' \
  -d 'browser_online=true' \
  -d 'browser_platform=Win32' \
  -d 'browser_version=5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F108.0.0.0%20Safari%2F537.36' \
  -d 'channel=tiktok_web' \
  -d 'cookie_enabled=true'...
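
The request above can be examined offline. The following is an added example, not code from the original article or from TikTok: it parses only the parameters visible in the truncated curl command, separates the ones that describe the browser or device, and hashes them to show how such values combine into one stable identifier. The prefix-based grouping and the FNV-1a style hash are assumptions of this example, not the site's actual method.

```javascript
// Constructed sample: only the parameters visible in the truncated curl
// command above; the real request carries more fields.
const SAMPLE_QUERY =
  'aid=1988&app_language=en&app_name=tiktok_web&battery_info=1' +
  '&browser_language=en-US&browser_name=Mozilla&browser_online=true' +
  '&browser_platform=Win32' +
  '&browser_version=5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29' +
  '%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29' +
  '%20Chrome%2F108.0.0.0%20Safari%2F537.36' +
  '&channel=tiktok_web&cookie_enabled=true';

// Assumption: this prefix list is the example's own heuristic for
// "describes the browser or device", not a published classification.
const DEVICE_PREFIXES = ['browser_', 'battery_', 'cookie_'];

// Decode a query string and split it into device-describing telemetry
// and everything else (application and routing parameters).
function splitTelemetry(query) {
  const device = {};
  const other = {};
  for (const [key, value] of new URLSearchParams(query)) {
    const isDevice = DEVICE_PREFIXES.some((p) => key.startsWith(p));
    (isDevice ? device : other)[key] = value;
  }
  return { device, other };
}

// FNV-1a style 32-bit hash over the string's code units. Chosen only
// because it needs no imports; it is not a cryptographic hash.
function fnv1a(text) {
  let hash = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    hash ^= text.charCodeAt(i);
    hash = Math.imul(hash, 0x01000193) >>> 0;
  }
  return hash.toString(16).padStart(8, '0');
}

// Canonicalise (sort keys) so parameter order does not matter, then hash.
// The same browser yields the same value on every request.
function fingerprint(device) {
  const canonical = Object.keys(device).sort()
    .map((k) => `${k}=${device[k]}`).join('&');
  return fnv1a(canonical);
}

const { device, other } = splitTelemetry(SAMPLE_QUERY);
console.log(device, other, fingerprint(device));
```

Decoded, `browser_version` is the full User-Agent string after `Mozilla/`, which is why it contributes so much to the identifier.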