apk各种壳的检测

其实就是解压apk文件,匹配到各大厂家用于加固的.so文件的名字。
说明一下apk的壳,应该叫packer,而不是shell。以下保留作者的信息。

import zipfile
'''
first,get namelist from apk
second,matching the features
thrid,julging for the packerType
so easy~~
by zsdlove
2018/8/24 Morning
'''
packer_features={
    "libchaosvmp.so":"娜迦",
    "libddog.so":"娜迦",
    "libfdog.so":"娜迦",
    "libedog.so":"娜迦企业版",
    "libexec.so":"爱加密",
    "libexecmain.so":"爱加密",
    "ijiami.dat":"爱加密",
    "ijiami.ajm":"爱加密企业版",
    "libsecexe.so":"梆梆免费版",
    "libsecmain.so":"梆梆免费版",
    "libSecShell.so":"梆梆免费版",
    "libDexHelper.so":"梆梆企业版",
    "libDexHelper-x86.so":"梆梆企业版",
    "libprotectClass.so":"360",
    "libjiagu.so":"360",
    "libjiagu_art.so":"360",
    "libjiagu_x86.so":"360",
    "libegis.so":"通付盾",
    "libNSaferOnly.so":"通付盾",
    "libnqshield.so":"网秦",
    "libbaiduprotect.so":"百度",
    "aliprotect.dat":"阿里聚安全",
    "libsgmain.so":"阿里聚安全",
    "libsgsecuritybody.so":"阿里聚安全",
    "libmobisec.so":"阿里聚安全",
    "libtup.so":"腾讯",
    "libexec.so":"腾讯",
    "libshell.so":"腾讯",
    "mix.dex":"腾讯",
    "lib/armeabi/mix.dex":"腾讯",
    "lib/armeabi/mixz.dex":"腾讯",
    "libtosprotection.armeabi.so":"腾讯御安全",
    "libtosprotection.armeabi-v7a.so":"腾讯御安全",
    "libtosprotection.x86.so":"腾讯御安全",
    "libnesec.so":"网易易盾",
    "libAPKProtect.so":"APKProtect",
    "libkwscmm.so":"几维安全",
    "libkwscr.so":"几维安全",
    "libkwslinker.so":"几维安全",
    "libx3g.so":"顶像科技",
    "libapssec.so":"盛大",
    "librsprotect.so":"瑞星"
}
def packerDetector(apkpath):
    packerType=""
    packersign=""
    flag=True
    zipfiles=zipfile.ZipFile(apkpath)
    nameList=zipfiles.namelist()
    for fileName in nameList:
        for packer in packer_features.keys():
            if packer in fileName:
                flag=True
                packerType=packerfeatures[shell]
                packersign=packer
                break
            else:
                flag=False
    if flag:
        print("[*] 经检测,该apk使用了"+packerType+"进行加固")
    else:
        print("[*] 经检测,该apk并没有加固")
    return

def main():
    args = sys.argv[1:]
    if len(sys.argv) != 2:
        print("[!] 参数个数错误")
        exit(1)
    packerDetector(args[1])
if __name__ == '__main__':
    main()

来源:
https://github.com/zsdlove/ApkVulCheck/blob/master/plugin/shellDetector.py

你可能感兴趣的:(Android逆向)