Knowing things by learning | "Group control software" promotes the zero-sum game of black and gray arbitrage, and hard-core technology combats hidden injustice

Guide: A group control system generally consists of several parts: the service running on the mobile phone, the input method used for simulated input on the phone, the central console on the PC used to operate and monitor all devices, and the service running on a server that connects all devices. This article mainly introduces research on and practice with group control software technology.

Text | Li Yiyang, NetEase Yidun Android Security Engineer

Group control function: Unlike a simulated-click tool, a group control system generally consists of several parts: the service running on the mobile phone, the input method used for simulated input on the phone, the PC console that operates and monitors all devices, the service on the server that connects all devices, and so on.

The composition of the group control system: As a system, group control consists of three parts: the PC central control module, the mobile phone communication module, and the function realization module. Not every module is necessarily independent or unique, however. For example, some products consist of only two pieces of software, PC central control software and an APK installation package, while a certain assistant software includes PC central control software, an input method APK, a communication APK, and a UIAutomator function APK.

1. PC central control module

The PC central control software is the core of the whole system. Its core functions fall into two parts: monitoring and control of devices, and writing and control of scripts.

Device monitoring means that the screens of a large number of devices are displayed here. Colors or small markers show whether the mobile phone communication module of each device is operating normally. When a command is issued, a device that does not execute it correctly stands out because its screen differs from the others. Black- and gray-market operators can then troubleshoot quickly and keep the device wall running normally. This function depends on adb or network communication, and the method can change according to the communication module on the phone.


Script writing mainly depends on analyzing the tree structure of the Activity on the phone. This gives the script developer the View information, so the coordinates of a View can be located through its id or text attribute to complete the script.


Some central control software also supports a script market, where scripts already written by script developers can be used directly.


Scripts are controlled and issued by the PC central control software, which supports operations such as batch execution, scheduled execution, postponed execution, and batch stop.


2. Mobile phone communication module

It is mainly used to parse the instructions from the PC central control software and to transmit the screen image back to it. Take an old group control program as an example.

[Screenshot: receiving commands]

It is also used to pop up prompt information. For example, when the function for finding a specified device is used, the device makes a sound and shows a prompt with a countdown until it closes.

3. Function realization module

Each group control system has its own approach to implementing specific functions. In the entire group control system, this module is the closest to the protected application, and current detection ideas are mainly based on the function module. Each of the functions mentioned here is analyzed in more detail below.

Obtaining the Activity structure: Script development and use both require View information, and obtaining it requires help from the function modules on the phone.


Simulated click: Simulates the taps of a normal user to trigger application buttons, screen swipes, and so on. Simulated click is generally not a separate APK; it is usually integrated into the input method.

Others: Small functions such as screenshots, switching Wi-Fi, and restarting devices are not covered further here.

Functional division

Based on the functions that group control implements, it can be divided into the following categories:

Operation of the system: Wi-Fi on or off, mobile data on or off, application installation and uninstallation, application Activity startup, address book management, file transfer, clipboard transfer, acquisition of the Activity tree structure, and others.

Monitoring of the system: monitoring of short messages and their contents, monitoring of screen changes, and others.

Simulation of input: simulated text input, simulated coordinate clicks, simulated selection in multi-select boxes, and others.

Its own logic: saving recorded operations, playing back recorded operations, parsing written scripts, handling delayed scripts, communication between the various parts, control of multiple scripts, and others.

Technical details

Group control is often implemented across terminals. It can now basically be divided into local group control and cloud control. The difference lies in whether devices are controlled over the external network.

The advantage of cloud control is that the devices themselves can be decentralized. For example, a black- and gray-market operator rents an ordinary device for a period of time, sends instructions to it through the cloud, and pays the individual device owner after the operation is complete. In this way it is hard to spot anything abnormal from device aggregation, because neither IP addresses nor GPS locations cluster.

Cloud control also has another form, which still uses the traditional device wall. The device wall is connected to a central control server, and the server is exposed to the external network. The device wall can then be operated anytime and anywhere, which mainly suits large-scale team operations.

Local group control is the most traditional method. If there are few devices, they can be connected directly to a computer through a hub, and the computer operates the device wall across terminals through the group control system. If there are too many devices, a relay central control server can be added, but it is not connected to the external network; it receives instructions directly over the internal network, for example through a router.


Functional module principle

Simulated click: For the specific content of simulated click, please refer to the related articles on Android simulated click research published before.

Control finder: Control finding is a must-have function for any group control system and automatic click tool. In addition to image search and OCR text search through the OpenCV library, the more important ability in control search is obtaining a control's properties. For example, if an interface contains two buttons that look exactly the same, both image search and OCR return only the first match, and the second button cannot be targeted.

Therefore, for the sake of script stability, the group control system and the automatic click tool will try their best to obtain the properties of the control, such as the unique ID.

Taking existing samples as an example, there are two ways for a group control system to obtain control properties: the Auto.js-like method and the UIAutomator-like method.

Auto.js-like: This approach depends on the accessibility service, so it needs to register an accessibility service, although not all software needs to register the service:

*/com.stardust.autojs.core.accessibility.AccessibilityService

Advantages: easy to develop and stable. Disadvantages: it relies on accessibility services, so it can be detected by obtaining the list of accessibility services.
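The accessibility-service list check described above, as an added example (not code from the original article or from Yidun). It assumes it runs inside an Android app with a `Context`; the class name `AccessibilityServiceCheck` and its methods are hypothetical, and the only signature used is the one quoted in the article.

```java
import android.accessibilityservice.AccessibilityServiceInfo;
import android.content.Context;
import android.content.pm.ServiceInfo;
import android.view.accessibility.AccessibilityManager;
import java.util.ArrayList;
import java.util.List;

// Added illustration: names in this class are hypothetical.
public final class AccessibilityServiceCheck {
    // Signature quoted in the article: the Auto.js service class under any package.
    private static final String[] PATTERNS = {
        "*/com.stardust.autojs.core.accessibility.AccessibilityService"
    };

    // Matches "package/class" exactly, or by class only when the pattern
    // uses a wildcard in place of the package name.
    static boolean matches(String component, String pattern) {
        if (pattern.startsWith("*/")) {
            int slash = component.indexOf('/');
            return slash >= 0
                && component.substring(slash + 1).equals(pattern.substring(2));
        }
        return component.equals(pattern);
    }

    // Returns the enabled accessibility services that match a known signature.
    public static List<String> findSuspectServices(Context context) {
        List<String> hits = new ArrayList<>();
        AccessibilityManager am = (AccessibilityManager)
            context.getSystemService(Context.ACCESSIBILITY_SERVICE);
        if (am == null) return hits;
        List<AccessibilityServiceInfo> enabled = am.getEnabledAccessibilityServiceList(
            AccessibilityServiceInfo.FEEDBACK_ALL_MASK);
        for (AccessibilityServiceInfo info : enabled) {
            if (info.getResolveInfo() == null) continue;
            // Take packageName and name from ServiceInfo so the class name
            // is always fully qualified.
            ServiceInfo si = info.getResolveInfo().serviceInfo;
            String component = si.packageName + "/" + si.name;
            for (String pattern : PATTERNS) {
                if (matches(component, pattern)) hits.add(component);
            }
        }
        return hits;
    }
}
```

A match only shows that a service with this class name is enabled; a renamed service class will not match, so the result is one signal to combine with others.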

UIAutomator-like: This approach comes from testing tools; Appium takes the same approach.

The general idea is to implant the UIAutomator debugging bridge into the device, then use the adb shell uiautomator dump command to dump the tree structure of the current Activity as XML, and then parse the XML to get the properties of every control in the Activity.

You can see that all the View information is obtained without using the accessibility service.

Advantages: it removes the dependency on accessibility services, making detection more difficult. Disadvantages: similar to the early monitor tools, the whole XML must be dumped and then parsed, so it is less timely and less efficient.

Effective detection schemes

Network communication: So far, group control has been found to rely almost entirely on socket communication. Group control systems that are poorly implemented or were developed long ago can be detected by trying to re-occupy the ports they use.
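The port re-occupation check described above, as an added example (not code from the original article or from Yidun). The article names no port numbers, so the candidate list is an obvious placeholder, and `main` uses a constructed local listener as a stand-in for a group control service; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.net.BindException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.List;

// Added illustration: names in this class are hypothetical.
public final class PortOccupancyCheck {
    // True when binding fails because another socket already holds the port.
    // Keep candidates above 1023 so a failure is not a privilege error.
    static boolean isOccupied(int port) {
        try (ServerSocket probe = new ServerSocket()) {
            probe.setReuseAddress(false);            // never share the port
            probe.bind(new InetSocketAddress(port)); // released again on close
            return false;
        } catch (BindException e) {
            return true;                             // port is already taken
        } catch (IOException e) {
            return false;                            // inconclusive, not a hit
        }
    }

    // Checks each candidate port and returns the ones that are already taken.
    static List<Integer> occupiedPorts(int[] candidates) {
        List<Integer> hits = new ArrayList<>();
        for (int port : candidates) {
            if (isOccupied(port)) hits.add(port);
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        int placeholderPort = 50001; // placeholder, not a port from the article
        // Constructed stand-in for a group control listener on an ephemeral port.
        try (ServerSocket listener = new ServerSocket(0)) {
            int taken = listener.getLocalPort();
            System.out.println("occupied while listening: "
                + occupiedPorts(new int[] {taken, placeholderPort}));
        }
        System.out.println("occupied after close: "
            + occupiedPorts(new int[] {placeholderPort}));
    }
}
```

An occupied port only shows that something is listening there, so the list of candidate ports has to come from analysis of actual group control samples.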

Simulated click: Clicks are simulated through adb permissions, MotionEvent.obtain simulation, or injectInputEvent injection. Yidun's Android anti-cheat capability can already detect this simulation behavior.


Installation package: The relevant modules mentioned above can be used as the basis for detection.

Origin blog.csdn.net/yidunmarket/article/details/126510963