Checklist / 检查清单
Enhancement propose / 改进目的
In my opinion two extensions for the current rules database layout would help LibChecker to get a greater audience and to support more features:
- Introduce a column e.g. "description_en" make this database translatable. Descriptions in rules like in
https://github.com/LibChecker/LibChecker-Rules/blob/master/native-libs/libfb.so.json
are incomprehensible for most people living in countries with latin character based languages. A possibility to translate the LibChecker database to english would help a lot.
- The LibChecker database could also store information to identify specific versions of libraries. I'm thinking of a table with following attributes:
- foreign key to rules table
- sha1 hash of the native library
- group id
- artifact id (group and artifact id may be different between different versions of the same library)
- min version
- max version (The version is a range since the native lib may be used unchanged in different versions of a library)
For most known open source libraries with native libs in the LibChecker database these information could be aggregated by scraping maven central. If those version data would be available in LibChecker database the app could identify specific versions by calculating and comparing hashes of native libs. Together with OWASP dependency check database LibChecker could even spot security issues in apps.
Another use case are decompilers: I recently used LibChecker rules database in a decompiler skylot/jadx#2040 (see sample script in issue)
Having dependency information with version numbers would make new ways possible to break code obfuscation.
The more uses cases exist for LibChecker rules database, the more people will contribute to this project.
Solution / 解决方案
No response
Additional info / 额外信息
No response
Checklist / 检查清单
Enhancement propose / 改进目的
In my opinion two extensions for the current rules database layout would help LibChecker to get a greater audience and to support more features:
https://github.com/LibChecker/LibChecker-Rules/blob/master/native-libs/libfb.so.json
are incomprehensible for most people living in countries with latin character based languages. A possibility to translate the LibChecker database to english would help a lot.
For most known open source libraries with native libs in the LibChecker database these information could be aggregated by scraping maven central. If those version data would be available in LibChecker database the app could identify specific versions by calculating and comparing hashes of native libs. Together with OWASP dependency check database LibChecker could even spot security issues in apps.
Another use case are decompilers: I recently used LibChecker rules database in a decompiler skylot/jadx#2040 (see sample script in issue)
Having dependency information with version numbers would make new ways possible to break code obfuscation.
The more uses cases exist for LibChecker rules database, the more people will contribute to this project.
Solution / 解决方案
No response
Additional info / 额外信息
No response