apk壳检测(改善了下代码坑)

简介

最近在研究APP脱壳,然后网上撸了个APK壳检测代码,发现Python写的不能直接用,调试了下可以用了,还是花了些时间。

apk壳检测

原作者代码:
https://github.com/zsdlove/ApkVulCheck/blob/master/plugin/shellDetector.py

import zipfile
'''
first,get namelist from apk
second,matching the features
thrid,julging for the shellType
so easy~~
by zsdlove
2018/8/24 Morning
'''
# Signature table used by shellDetector: each key is a file-name fragment
# looked for inside the APK's entry names, each value is the vendor label
# that gets printed on a hit.
shellfeatures={
	"libchaosvmp.so":"娜迦",
	"libddog.so":"娜迦",
	"libfdog.so":"娜迦",
	"libedog.so":"娜迦企业版",
	# NOTE(review): duplicate key. "libexec.so" is defined again further down
	# with the value "腾讯"; in a dict literal the later value wins, so this
	# mapping never takes effect.
	"libexec.so":"爱加密",
	"libexecmain.so":"爱加密",
	"ijiami.dat":"爱加密",
	"ijiami.ajm":"爱加密企业版",
	"libsecexe.so":"梆梆免费版",
	"libsecmain.so":"梆梆免费版",
	"libSecShell.so":"梆梆免费版",
	"libDexHelper.so":"梆梆企业版",
	"libDexHelper-x86.so":"梆梆企业版",
	"libprotectClass.so":"360",
	"libjiagu.so":"360",
	"libjiagu_art.so":"360",
	"libjiagu_x86.so":"360",
	"libegis.so":"通付盾",
	"libNSaferOnly.so":"通付盾",
	"libnqshield.so":"网秦",
	"libbaiduprotect.so":"百度",
	"aliprotect.dat":"阿里聚安全",
	"libsgmain.so":"阿里聚安全",
	"libsgsecuritybody.so":"阿里聚安全",
	"libmobisec.so":"阿里聚安全",
	"libtup.so":"腾讯",
	# NOTE(review): second definition of "libexec.so"; this is the value in
	# effect at runtime. Confirm which vendor the signature should report.
	"libexec.so":"腾讯",
	"libshell.so":"腾讯",
	# shellDetector matches keys by substring, so "mix.dex" (tried first) also
	# covers any entry name that contains "lib/armeabi/mix.dex".
	"mix.dex":"腾讯",
	"lib/armeabi/mix.dex":"腾讯",
	"lib/armeabi/mixz.dex":"腾讯",
	"libtosprotection.armeabi.so":"腾讯御安全",
	"libtosprotection.armeabi-v7a.so":"腾讯御安全",
	"libtosprotection.x86.so":"腾讯御安全",
	"libnesec.so":"网易易盾",
	"libAPKProtect.so":"APKProtect",
	"libkwscmm.so":"几维安全",
	"libkwscr.so":"几维安全",
	"libkwslinker.so":"几维安全",
	"libx3g.so":"顶像科技",
	"libapssec.so":"盛大",
	"librsprotect.so":"瑞星"
}
def shellDetector(apkpath):
	"""Print the packer ("shell") vendor detected in the APK at ``apkpath``.

	Opens the APK as a zip archive, reads its entry names and looks for any
	``shellfeatures`` key as a substring of an entry name. Nothing is
	extracted from the archive. Returns None; the result is only printed.
	"""
	shellType=""
	# NOTE(review): shellsign is assigned below but never read in this function.
	shellsign=""
	flag=True
	# NOTE(review): the ZipFile handle is never closed here.
	zipfiles=zipfile.ZipFile(apkpath)
	nameList=zipfiles.namelist()
	for fileName in nameList:
		for shell in shellfeatures.keys():
			# Substring test against the full entry path, not an exact name match.
			if shell in fileName:
				flag=True
				shellType=shellfeatures[shell]
				shellsign=shell
				break
			else:
				# NOTE(review): executed for every key that does not match, so a
				# hit on an earlier entry is cleared again by any later entry
				# that matches nothing.
				flag=False
	# NOTE(review): this check runs once, after both loops, so flag only
	# reflects the last archive entry: a signature found earlier is reported
	# only if the last entry also matches. With an empty name list flag keeps
	# its initial True and the message is printed with an empty vendor.
	if flag==True:
		print("经检测,该apk使用了"+shellType+"进行加固")
if __name__ == "__main__":
    # Script entry point: scan the sample file name relative to the current
    # working directory.
    shellDetector("test.apk")

复制或者从GitHub下载下来后,直接运行是会报错的。
用IDE打开调试后发现,Python对缩进的要求很严格:可能是作者在复制或上传的过程中,或者是浏览器的问题,少了一个Tab缩进和一个换行,导致代码无法运行。调试好的代码如下:

```python
import zipfile
'''
first,get namelist from apk
second,matching the features
thrid,julging for the shellType
so easy~~
by zsdlove
2018/8/24 Morning
'''
# Signature table used by shellDetector: each key is a file-name fragment
# looked for inside the APK's entry names, each value is the vendor label
# that gets printed on a hit.
shellfeatures={
	"libchaosvmp.so":"娜迦",
	"libddog.so":"娜迦",
	"libfdog.so":"娜迦",
	"libedog.so":"娜迦企业版",
	# NOTE(review): duplicate key. "libexec.so" is defined again further down
	# with the value "腾讯"; in a dict literal the later value wins, so this
	# mapping never takes effect.
	"libexec.so":"爱加密",
	"libexecmain.so":"爱加密",
	"ijiami.dat":"爱加密",
	"ijiami.ajm":"爱加密企业版",
	"libsecexe.so":"梆梆免费版",
	"libsecmain.so":"梆梆免费版",
	"libSecShell.so":"梆梆免费版",
	"libDexHelper.so":"梆梆企业版",
	"libDexHelper-x86.so":"梆梆企业版",
	"libprotectClass.so":"360",
	"libjiagu.so":"360",
	"libjiagu_art.so":"360",
	"libjiagu_x86.so":"360",
	"libegis.so":"通付盾",
	"libNSaferOnly.so":"通付盾",
	"libnqshield.so":"网秦",
	"libbaiduprotect.so":"百度",
	"aliprotect.dat":"阿里聚安全",
	"libsgmain.so":"阿里聚安全",
	"libsgsecuritybody.so":"阿里聚安全",
	"libmobisec.so":"阿里聚安全",
	"libtup.so":"腾讯",
	# NOTE(review): second definition of "libexec.so"; this is the value in
	# effect at runtime. Confirm which vendor the signature should report.
	"libexec.so":"腾讯",
	"libshell.so":"腾讯",
	# shellDetector matches keys by substring, so "mix.dex" (tried first) also
	# covers any entry name that contains "lib/armeabi/mix.dex".
	"mix.dex":"腾讯",
	"lib/armeabi/mix.dex":"腾讯",
	"lib/armeabi/mixz.dex":"腾讯",
	"libtosprotection.armeabi.so":"腾讯御安全",
	"libtosprotection.armeabi-v7a.so":"腾讯御安全",
	"libtosprotection.x86.so":"腾讯御安全",
	"libnesec.so":"网易易盾",
	"libAPKProtect.so":"APKProtect",
	"libkwscmm.so":"几维安全",
	"libkwscr.so":"几维安全",
	"libkwslinker.so":"几维安全",
	"libx3g.so":"顶像科技",
	"libapssec.so":"盛大",
	"librsprotect.so":"瑞星"
}

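def shellDetector(apkpath):
    """Print which known packer ("shell") vendors leave signatures in an APK.

    Only the archive's entry names are read; nothing is extracted. Every
    entry name is compared against the keys of ``shellfeatures`` by
    substring, and one line is printed per distinct vendor label found.
    Nothing is printed when no signature matches.

    Args:
        apkpath: Path (or file object) accepted by ``zipfile.ZipFile``.

    Returns:
        None. The result is written to standard output.

    Raises:
        zipfile.BadZipFile: If ``apkpath`` is not a valid zip archive.
        OSError: If the file cannot be opened.
    """
    # The context manager releases the file handle even if reading the name
    # list fails.
    with zipfile.ZipFile(apkpath) as apk:
        entry_names = apk.namelist()

    # A packed APK usually carries several signature files of the same
    # vendor, so collect distinct labels (in first-seen order) instead of
    # printing the same line once per matching entry.
    vendors = []
    for entry_name in entry_names:
        for signature, vendor in shellfeatures.items():
            # NOTE(review): substring match on the full entry path, so a short
            # key such as "mix.dex" also hits names like "remix.dex".
            if signature in entry_name:
                if vendor not in vendors:
                    vendors.append(vendor)
                break

    for vendor in vendors:
        print("经检测,该apk使用了"+vendor+"进行加固")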

if __name__ == "__main__":
    # Script entry point: scan the sample file name relative to the current
    # working directory.
    shellDetector("test.apk")

```
特别要注意地方:
apk壳检测(改善了下代码坑)_第1张图片
这段代码的意思是:读取APK(本质上是zip压缩包)里的文件名列表,然后检索其中有没有各厂商加壳后特有的特征文件,有的话就能检测出是哪家厂商的壳。需要注意,这种检测只依据文件名:没有匹配到特征并不能说明APK没有加壳,特征文件被改名时也会漏报。
后面同事帮我修改下代码。

import zipfile
'''
first,get namelist from apk
second,matching the features
thrid,julging for the shellType
so easy~~
by zsdlove
2018/8/24 Morning
'''
# Signature table used by shellDetector: each key is a file-name fragment
# looked for inside the APK's entry names, each value is the vendor label
# that gets printed on a hit.
shellfeatures={
	"libchaosvmp.so":"娜迦",
	"libddog.so":"娜迦",
	"libfdog.so":"娜迦",
	"libedog.so":"娜迦企业版",
	# NOTE(review): duplicate key. "libexec.so" is defined again further down
	# with the value "腾讯"; in a dict literal the later value wins, so this
	# mapping never takes effect.
	"libexec.so":"爱加密",
	"libexecmain.so":"爱加密",
	"ijiami.dat":"爱加密",
	"ijiami.ajm":"爱加密企业版",
    "libsecexe.so":"梆梆免费版",
	"libsecmain.so":"梆梆免费版",
	"libSecShell.so":"梆梆免费版",
	"libDexHelper.so":"梆梆企业版",
	"libDexHelper-x86.so":"梆梆企业版",
	"libprotectClass.so":"360",
	"libjiagu.so":"360",
	"libjiagu_art.so":"360",
	"libjiagu_x86.so":"360",
	"libegis.so":"通付盾",
	"libNSaferOnly.so":"通付盾",
	"libnqshield.so":"网秦",
	"libbaiduprotect.so":"百度",
	"aliprotect.dat":"阿里聚安全",
	"libsgmain.so":"阿里聚安全",
	"libsgsecuritybody.so":"阿里聚安全",
	"libmobisec.so":"阿里聚安全",
	"libtup.so":"腾讯",
	# NOTE(review): second definition of "libexec.so"; this is the value in
	# effect at runtime. Confirm which vendor the signature should report.
	"libexec.so":"腾讯",
	"libshell.so":"腾讯",
	# shellDetector matches keys by substring, so "mix.dex" (tried first) also
	# covers any entry name that contains "lib/armeabi/mix.dex".
	"mix.dex":"腾讯",
	"lib/armeabi/mix.dex":"腾讯",
	"lib/armeabi/mixz.dex":"腾讯",
	"libtosprotection.armeabi.so":"腾讯御安全",
	"libtosprotection.armeabi-v7a.so":"腾讯御安全",
	"libtosprotection.x86.so":"腾讯御安全",
	"libnesec.so":"网易易盾",
	"libAPKProtect.so":"APKProtect",
	"libkwscmm.so":"几维安全",
	"libkwscr.so":"几维安全",
	"libkwslinker.so":"几维安全",
	"libx3g.so":"顶像科技",
	"libapssec.so":"盛大",
	"librsprotect.so":"瑞星"
}
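def shellDetector(apkpath):
    """Print which known packer ("shell") vendors leave signatures in an APK.

    Only the archive's entry names are read; nothing is extracted. Every
    entry name is compared against the keys of ``shellfeatures`` by
    substring. One line is printed per distinct vendor label found, or a
    single "no known signature" line when nothing matches.

    Args:
        apkpath: Path (or file object) accepted by ``zipfile.ZipFile``.

    Returns:
        None. The result is written to standard output.

    Raises:
        zipfile.BadZipFile: If ``apkpath`` is not a valid zip archive.
        OSError: If the file cannot be opened.
    """
    # The context manager releases the file handle even if reading the name
    # list fails.
    with zipfile.ZipFile(apkpath) as apk:
        entry_names = apk.namelist()

    # Keep every distinct vendor in first-seen order. Previously the inner
    # `break` only left the key loop, so a later matching entry silently
    # replaced an earlier result.
    vendors = []
    for entry_name in entry_names:
        for signature, vendor in shellfeatures.items():
            # NOTE(review): substring match on the full entry path, so a short
            # key such as "mix.dex" also hits names like "remix.dex".
            if signature in entry_name:
                if vendor not in vendors:
                    vendors.append(vendor)
                break

    if not vendors:
        # A file-name lookup cannot tell an unpacked APK from one protected
        # by a packer missing from the table, so the message must not claim
        # that hardening is present.
        print("经检测,未发现已知加固特征,该apk可能未加固或使用了未识别加固方式")
        return

    for vendor in vendors:
        print("经检测,该apk使用了"+vendor+"进行加固")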
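if __name__ == '__main__':
    import sys

    # Scan the APK named on the command line; with no argument, fall back to
    # the sample file name this script has always used.
    shellDetector(sys.argv[1] if len(sys.argv) > 1 else "test.apk")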

小伙伴们可以关注我微信公众号,一起交流进步,有问题直接留言,我能解答,都会免费解答,没有任何套路。
