Detecting APK packers

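In essence, this opens the APK as a ZIP archive and matches its entry names against the names of the .so files that the major vendors use for hardening.
A note on terminology: an APK's protective "shell" (壳) should be called a packer, not a shell. The original author's information is retained below.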

import sys
import zipfile
'''
first, get namelist from apk
second, matching the features
third, judging for the packerType
so easy~~
by zsdlove
2018/8/24 Morning
'''
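# Maps a characteristic file name to the hardening vendor that ships it.
# English vendor names are given in the trailing comments.
packer_features={
    "libchaosvmp.so":"娜迦",  # Nagain
    "libddog.so":"娜迦",
    "libfdog.so":"娜迦",
    "libedog.so":"娜迦企业版",  # Nagain, enterprise edition
    "libexec.so":"爱加密",  # ijiami
    "libexecmain.so":"爱加密",
    "ijiami.dat":"爱加密",
    "ijiami.ajm":"爱加密企业版",  # ijiami, enterprise edition
    "libsecexe.so":"梆梆免费版",  # Bangcle, free edition
    "libsecmain.so":"梆梆免费版",
    "libSecShell.so":"梆梆免费版",
    "libDexHelper.so":"梆梆企业版",  # Bangcle, enterprise edition
    "libDexHelper-x86.so":"梆梆企业版",
    "libprotectClass.so":"360",  # Qihoo 360
    "libjiagu.so":"360",
    "libjiagu_art.so":"360",
    "libjiagu_x86.so":"360",
    "libegis.so":"通付盾",  # Tongfudun (PayEgis)
    "libNSaferOnly.so":"通付盾",
    "libnqshield.so":"网秦",  # NQ Mobile
    "libbaiduprotect.so":"百度",  # Baidu
    "aliprotect.dat":"阿里聚安全",  # Alibaba Ju Security
    "libsgmain.so":"阿里聚安全",
    "libsgsecuritybody.so":"阿里聚安全",
    "libmobisec.so":"阿里聚安全",
    "libtup.so":"腾讯",  # Tencent
    # NOTE: duplicate key. In a dict literal the later value wins, so
    # "libexec.so" is reported as 腾讯 and the 爱加密 entry above is lost.
    "libexec.so":"腾讯",
    "libshell.so":"腾讯",
    "mix.dex":"腾讯",
    "lib/armeabi/mix.dex":"腾讯",
    "lib/armeabi/mixz.dex":"腾讯",
    "libtosprotection.armeabi.so":"腾讯御安全",  # Tencent Yu Security
    "libtosprotection.armeabi-v7a.so":"腾讯御安全",
    "libtosprotection.x86.so":"腾讯御安全",
    "libnesec.so":"网易易盾",  # NetEase Yidun
    "libAPKProtect.so":"APKProtect",
    "libkwscmm.so":"几维安全",  # KiwiSec
    "libkwscr.so":"几维安全",
    "libkwslinker.so":"几维安全",
    "libx3g.so":"顶像科技",  # Dingxiang
    "libapssec.so":"盛大",  # Shanda
    "librsprotect.so":"瑞星"  # Rising
}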
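def packerDetector(apkpath):
    packerType=""
    packersign=""
    flag=False
    # Only the archive's entry names are read; nothing is extracted to disk
    with zipfile.ZipFile(apkpath) as zipfiles:
        nameList=zipfiles.namelist()
    for fileName in nameList:
        for packer in packer_features.keys():
            # Substring match of the signature name against the entry path
            if packer in fileName:
                flag=True
                packerType=packer_features[packer]
                packersign=packer
                break
        # Stop at the first matching entry so later entries cannot reset the result
        if flag:
            break
    if flag:
        # "[*] Detected: this APK is hardened with <packerType>"
        print("[*] 经检测,该apk使用了"+packerType+"进行加固")
    else:
        # "[*] Detected: this APK is not hardened"
        print("[*] 经检测,该apk并没有加固")
    return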

def main():
    args = sys.argv[1:]
    if len(sys.argv) != 2:
        # "[!] Wrong number of arguments"
        print("[!] 参数个数错误")
        sys.exit(1)
    # args[0] is the APK path (sys.argv[0] is the script name)
    packerDetector(args[0])
if __name__ == '__main__':
    main()

Source:
https://github.com/zsdlove/ApkVulCheck/blob/master/plugin/shellDetector.py
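
The detector above matches signature names as substrings of each entry path, and its table lists "libexec.so" under two vendors. The following is an added example, not part of the original script or the ApkVulCheck project: it matches on the exact basename, keeps every vendor that claims a name, and returns the matching entries as evidence. The names `SIGNATURES`, `detect_packers` and `build_sample_apk` are hypothetical, the signature list is a subset of the page's table, and the sample APK is constructed in memory.

```python
import io
import posixpath
import zipfile
from collections import defaultdict

# Subset of the page's table as (file name, vendor) pairs, so a name claimed
# by two vendors ("libexec.so") keeps both instead of one overwriting the other.
SIGNATURES = [
    ("libexec.so", "爱加密"), ("libexecmain.so", "爱加密"),
    ("libexec.so", "腾讯"), ("libshell.so", "腾讯"), ("mix.dex", "腾讯"),
    ("libjiagu.so", "360"), ("libDexHelper.so", "梆梆企业版"),
]

def detect_packers(apk):
    """Return {vendor: sorted list of matching archive entries}.

    `apk` is a path or a binary file object. Matching is on the exact
    basename of each entry, not on a substring of the full path.
    """
    by_name = defaultdict(set)
    for name, vendor in SIGNATURES:
        by_name[name].add(vendor)
    hits = defaultdict(set)
    try:
        with zipfile.ZipFile(apk) as zf:
            for entry in zf.namelist():
                for vendor in by_name.get(posixpath.basename(entry), ()):
                    hits[vendor].add(entry)
    except zipfile.BadZipFile:
        raise ValueError("not a valid APK/ZIP archive") from None
    return {vendor: sorted(entries) for vendor, entries in hits.items()}

def build_sample_apk(entries):
    """Build a constructed in-memory APK (ZIP) whose entries are empty files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample: two real signature names plus a look-alike entry.
    sample = build_sample_apk(["classes.dex", "lib/armeabi/libexec.so",
                               "lib/armeabi/libexecmain.so", "assets/remix.dex"])
    for vendor, entries in detect_packers(sample).items():
        print(vendor, entries)
```

A file name only suggests a packer: an ambiguous name such as "libexec.so" is reported under both vendors, so a match is a lead for further analysis, not a verdict.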
