有熟悉 react native 的么,朋友的项目打包以后被注入色情网了

地址发出来帮你鉴别下

@cbythe434 黄网地址么 ？

是怎么出现的，跳浏览器？

今儿的新闻，说 cdn.polyfill.io 被投毒了，自己检查下有没有用到这个域名吧

https://www.theregister.com/2024/06/25/polyfillio_china_crisis/

@lolizeppelin 你懂的

@cbythe434
访问不了的
https//y2oi9ve9g2mc.top:1843/?iv=60042&tt=1719322649
https//mym222.xyz/?t=1719322635
https//kjuw65.xyz/?t=1719322623

都是投毒的 你确定要看？

@nagisaushio
app 内打开的

npm 下毒了？

有没有可能是 DNS 污染
https://www.cnblogs.com/trustnature/articles/3205742.html

h5 游戏用 rn 打包？？那和直接弄个 webview 加载有啥区别
你可能需要用别的打包框架

其实不是 RN 的问题, 就是域名污染

不是 dns 的问题,应该是 app 启动就已经出问题了


正确的 app 启动日志

06-26 11:22:58.419 2256 2310 I ActivityManager: Start proc 30806:game.taptap.jtjoy.cat/u0a405 for next-top-activity {game.taptap.jtjoy.cat/com.app.MainActivity} caller=com.miui.home
06-26 11:22:58.420 1691 1691 E qspmHal : setAppInfoH atPid = 30806, gpuFname:game.taptap.jtjoy.cat, gpuFver:101
06-26 11:22:58.426 30806 30806 I aptap.jtjoy.cat: Using CollectorTypeCC GC.
06-26 11:22:58.430 30806 30806 E aptap.jtjoy.cat: Not starting debugger since process cannot load the jdwp agent.
06-26 11:22:58.434 30806 30806 I MessageMonitor: Load libmiui_runtime
06-26 11:22:58.444 30806 30806 D CompatibilityChangeReporter: Compat change id reported: 171979766; UID 10405; state: ENABLED
06-26 11:22:58.444 30806 30806 D CompatibilityChangeReporter: Compat change id reported: 242716250; UID 10405; state: ENABLED
06-26 11:22:58.447 11454 15441 D PerfEngineController: ForegroundInfo{mForegroundPackageName='game.taptap.jtjoy.cat', mForegroundUid=10405, mForegroundPid=30806, mLastForegroundPackageName='com.miui.home', mLastForegroundUid=10139, mLastForegroundPid=5447, mMultiWindowForegroundPackageName='game.taptap.jtjoy.cat', mMultiWindowForegroundUid=10405, mFlags=1}
06-26 11:22:58.448 30806 30824 D AppScoutStateMachine: 30806-ScoutStateMachinecreated
06-26 11:22:58.448 22719 9627 D A2dpLatencyMode: onForegroundActivitiesChanged, pid: 30806 uid: 10405 foregroundActivities: true
06-26 11:22:58.448 8540 8566 I ProcessMonitor: onForegroundInfoChanged: ForegroundInfo{mForegroundPackageName='game.taptap.jtjoy.cat', mForegroundUid=10405, mForegroundPid=30806, mLastForegroundPackageName='com.miui.home', mLastForegroundUid=10139, mLastForegroundPid=5447, mMultiWindowForegroundPackageName='game.taptap.jtjoy.cat', mMultiWindowForegroundUid=10405, mFlags=1}
06-26 11:22:58.448 5447 6114 D AppObserver: ForegroundInfo{mForegroundPackageName='game.taptap.jtjoy.cat', mForegroundUid=10405, mForegroundPid=30806, mLastForegroundPackageName='com.miui.home', mLastForegroundUid=10139, mLastForegroundPid=5447, mMultiWindowForegroundPackageName='game.taptap.jtjoy.cat', mMultiWindowForegroundUid=10405, mFlags=1}
06-26 11:22:58.451 22719 22807 D A2dpLatencyMode: ForegroundInfo{mForegroundPackageName='game.taptap.jtjoy.cat', mForegroundUid=10405, mForegroundPid=30806, mLastForegroundPackageName='com.miui.home', mLastForegroundUid=10139, mLastForegroundPid=5447, mMultiWindowForegroundPackageName='game.taptap.jtjoy.cat', mMultiWindowForegroundUid=10405, mFlags=1}
06-26 11:22:58.452 8540 8566 D GameBoosterService: onGameStatusChange foreground:ForegroundInfo{mForegroundPackageName='game.taptap.jtjoy.cat', mForegroundUid=10405, mForegroundPid=30806, mLastForegroundPackageName='com.miui.home', mLastForegroundUid=10139, mLastForegroundPid=5447, mMultiWindowForegroundPackageName='game.taptap.jtjoy.cat', mMultiWindowForegroundUid=10405, mFlags=1}
06-26 11:22:58.453 30806 30806 D nativeloader: Configuring clns-4 for other apk /data/app/~~ch9TSn_y1N1uQ11uENe9Eg==/game.taptap.jtjoy.cat-ipDHvWbVUs-0lgbmthTumA==/base.apk. target_sdk_version=34, uses_libraries=, library_path=/data/app/~~ch9TSn_y1N1uQ11uENe9Eg==/game.taptap.jtjoy.cat-ipDHvWbVUs-0lgbmthTumA==/lib/arm64:/data/app/~~ch9TSn_y1N1uQ11uENe9Eg==/game.taptap.jtjoy.cat-ipDHvWbVUs-0lgbmthTumA==/base.apk!/lib/arm64-v8a, permitted_path=/data:/mnt/expand:/data/user/0/game.taptap.jtjoy.cat
06-26 11:22:58.456 30806 30806 I Perf : Connecting to perf service.





异常的 app 启动日志
06-26 07:23:01.954 2256 6506 I SmartPower: com.miui.securitycenter:ui/1000(8497): invisible->visible(3488463ms) R(become visible) adj=250.
06-26 10:48:29.174 2256 2310 I ActivityManager: Start proc 3488:game.taptap.jtjoy.cat/u0a405 for next-top-activity {game.taptap.jtjoy.cat/com.app.MainActivity} caller=com.miui.home
06-26 10:48:29.255 2256 8346 I ActivityManager: Flag disabled. Ignoring finishAttachApplication from uid: 10405. pid: 3488
06-26 10:48:29.315 3488 3524 E ContentCatcherManager: failed to get ContentCatcherService.
06-26 10:48:29.316 3488 3524 E ContentCatcherManager: failed to get ContentCatcherService.
06-26 10:48:29.321 2256 8364 W WindowManager: Failed looking up window session=Session{a79bf95 3488:u0a10405} callers=com.android.server.wm.WindowManagerService.windowForClientLocked:6656 com.android.server.wm.Session.updateRequestedVisibleTypes:694 android.view.IWindowSession$Stub.onTransact:1053
06-26 10:48:29.376 2256 8347 W WindowManager: Failed looking up window session=Session{a79bf95 3488:u0a10405} callers=com.android.server.wm.WindowManagerService.windowForClientLocked:6656 com.android.server.wm.Session.updateRequestedVisibleTypes:694 android.view.IWindowSession$Stub.onTransact:1053
06-26 10:48:36.016 3488 3488 D MiuiMultiWindowUtils: freeform resolution args raw data:{ "zizhan":{ "freeform_args": { "inner":{ "vertical_portrait":{"aspect_ratio":0.626, "original_ratio":0.5643,"original_scale":0.74,"top_margin":0.168,"left_margin":0.484}, "horizontal_portrait":{"aspect_ratio":0.626, "original_ratio":0.5643,"original_scale":0.74,"top_margin":0.1222,"left_margin":0.59745}, "vertical_landscape":{"aspect_ratio":1.6, "original_ratio":1,"original_scale":0.604,"top_margin":0.2596,"left_margin":0.2624}, "horizontal_landscape":{"aspect_ratio":1.6, "original_ratio":1,"original_scale":0.604,"top_margin":0.213,"left_margin":0.3758} }, "outer":{ "vertical_portrait":{"aspect_ratio":0.626, "original_ratio":1,"original_scale":0.74,"top_margin":0.0753,"left_margin":-1}, "horizontal_portrait":{"aspect_ratio":0.626, "original_ratio":1,"original_scale":0.5756,"top_margin":-1,"left_margin":0.0753}, "vertical_landscape":{"aspect_ratio":1.6, "original_ratio":0.6847,"original_scale":0.587,"top_margin":0.0753,"left_margin":-1}, "horizontal_landscape":{"aspect_ratio":1.6, "original_ratio":0.6847,"original_scale":0.587,"top_margin":-1,"left_margin":0.0753}} }, "mini_freeform_args":{ "inner":{ "vertical_portrait":{"original_ratio":0.147}, "horizontal_portrait":{"original_ratio":0.147}, "vertical_landscape":{"original_ratio":0.165}, "horizontal_landscape":{"original_ratio":0.165} }, "outer":{ "vertical_portrait":{"original_ratio":0.26}, "horizontal_portrait":{"original_ratio":0.26}, "vertical_landscape":{"original_ratio":0.293}, "horizontal_landscape":{"original_ratio":0.293}} } }, "wide_default":{ "freeform_args": { "vertical_portrait":{"aspect_ratio":0.625, "original_ratio":0.5806,"original_scale":0.7574,"top_margin":0.125,"left_margin":0.392}, "horizontal_portrait":{"aspect_ratio":0.625, "original_ratio":0.5806,"original_scale":0.7574,"top_margin":-1,"left_margin":0.6415}, "vertical_landscape":{"aspect_ratio":1.6, "original_ratio":1,"original_scale":0.5153,"top_margin":0.125,"left_margin":0.206}, "horizontal_landscape":{"aspect_ratio":1.6, "original_ratio":1,"original_scale":0.5153,"top_margin":-1,"left_margin":0.456} }, "mini_freeform_args":{ "vertical_portrait":{"original_ratio":0.144}, "horizontal_portrait":{"original_ratio":0.144}, "vertical_landscape":{"original_ratio":0.144}, "horizontal_landscape":{"original_ratio":0.144} } }, "narrow_default": { "freeform_args": { "vertical_portrait":{"aspect_ratio":0.5625, "original_ratio":1,"original_scale":0.7182,"top_margin":0.142,"left_margin":-1}, "horizontal_portrait":{"aspect_ratio":0.8, "original_ratio":1,"original_scale":0.7182,"top_margin":-1,"left_margin":0.05}, "vertical_landscape":{"aspect_ratio":1.6, "original_ratio":0.6545,"original_scale":0.4473,"top_margin":0.142,"left_margin":-1}, "horizontal_landscape":{"aspect_ratio":1.6, "original_ratio":0.6545,"original_scale":0.4473,"top_margin":-1,"left_margin":0.05} }, "mini_freeform_args":{ "vertical_portrait":{"original_ratio":0.3}, "horizontal_portrait":{"original_ratio":0.3}, "vertical_landscape":{"original_ratio":0.3}, "horizontal_landscape":{"original_ratio":0.3} } }, "regular_default": { "freeform_args": { "vertical_portrait":{"aspect_ratio":0.625, "original_ratio":1,"original_scale":0.7,"top_margin":0.109,"left_margin":-1}, "horizontal_portrait":{"aspect_ratio":0.6667, "original_ratio":1,"original_scale":0.6102,"top_margin":-1,"left_margin":0.026}, "vertical_landscape":{"aspect_ratio":1.6, "original_ratio":1,"original_scale":0.4244,"top_margin":0.109,"left_margin":-1}, "horizontal_landscape":{"aspect_ratio":1.6, "original_ratio":1,"original_scale":0.4244,"top_margin":-1,"left_margin":0.026} }, "mini_freeform_args":{ "vertical_portrait":{"original_ratio":0.25}, "horizontal_portrait":{"origina
06-26 10:48:36.016 3488 3488 D MiuiMultiWindowUtils: initFreeFormResolutionArgs failed, device is shennong
06-26 10:48:51.011 2256 2298 I SmartPower: game.taptap.jtjoy.cat/10405(3488): visible->invisible(21825ms) R(become invisible) adj=102.
06-26 10:48:51.011 2256 2298 I SmartPower: game.taptap.jtjoy.cat/10405(3488): invisible->background(0ms) R(become background) adj=102.
06-26 10:48:51.559 2256 2298 D DisplayManagerService: Ignore redundant display event 0/2 to 10405/3488

好像是启动的时候启动了另外一个渲染,都没到 webview, app 渲染了一个简单的界面,里面都是黄网。点击后就启动外部浏览器,这种感觉像是 android 里引入的插件有问题

样本发一下, 正常的和恶意的. 分析一下.