Android逆向小工具–apkCheckProtect

android小工具-查壳工具

移动端查壳并不是什么难事,主要就是特征库的维护而已。

这里V1版本仅对so文件做特征检验(只有文件名中包含“.so”的文件才会参与匹配,特征库里的 secData0.jar、mix.dex 等条目暂时不会命中),其他文件检验将在下个版本体现

由于用几分钟写完,没来得及做各种兼容性适配和跨平台适配,有问题的话 可以直接评论留言

# -*- encoding:utf-8 -*-
import os
import sys
import zipfile
import shutil

# Signature table: file name found inside the APK -> packer ("加固") label.
#
# checkProtect() looks names up with an exact dict.get(), and getSoList()
# only yields names containing ".so", so:
#   * entries without ".so" in the key (jar/dex/dat/bin/tosversion) are never
#     hit by the current code;
#   * keys such as "libshella-xxxx.so" look like placeholders for a variable
#     part of the real file name and cannot match as written -- TODO confirm
#     and switch those to prefix/pattern matching.
# A hit is only a file-name heuristic; a miss does not prove the APK is
# unprotected.
PROTECTFLAG_DICT = {
    # Bangcle, free edition
    "libSecShell.so": u"梆梆加固-免费版",
    "secData0.jar": u"梆梆加固-免费版",
    "libSecShell-x86.so": u"梆梆加固-免费版",
    # Bangcle, custom edition
    "classes.jar": u"梆梆加固-定制版",
    "DexHelper.so": u"梆梆加固-定制版",

    # APKProtect
    "libAPKProtect.so": u"APKProtect加固",

    # 360
    "libprotectClass.so": u"360加固",
    "libjiagu.so": u"360加固",

    # Tongfudun
    "libNSaferOnly.so": u"通付盾加固",
    "libegis.so": u"通付盾加固",

    # NetQin
    "libnqshield.so": u"网秦加固",

    # Tencent
    "libshella-xxxx.so": u"腾讯加固",
    "libshellx-xxxx.so": u"腾讯加固",
    "mix.dex": u"腾讯加固",
    "libshell.so": u"腾讯加固",
    "mixz.dex": u"腾讯加固",

    # Tencent (Yu Anquan)
    "libtosprotection.armeabi-v7a.so": u"腾讯加固-御安全",
    "libtosprotection.armeabi.so": u"腾讯加固-御安全",
    "libtosprotection.x86.so": u"腾讯加固-御安全",
    "tosversion": u"腾讯加固-御安全",
    "libTmsdk-xxx-mfr.so": u"腾讯加固-御安全",

    # Ijiami
    "ijiami.dat": u"爱加密加固",
    "libexecmain.so": u"爱加密加固",
    "ijiami.ajm": u"爱加密加固",
    "libexec.so": u"爱加密加固",
    "af.bin": u"爱加密加固",
    "signed.bin": u"爱加密加固",

    # Dingxiang
    "libx3g.so": u"顶象技术加固",

    # Naga
    "libddog.so": u"娜迦加固",
    "libedog.so": u"娜迦加固",

    # Alibaba
    "libmobisec.so": u"阿里加固",
    "libfakejni.so": u"阿里加固",
    "libzuma.so": u"阿里加固",
    "libzumadata.so": u"阿里加固",
    "libpreverify1.so": u"阿里加固",

    # Baidu
    "libbaiduprotect.so": u"百度加固",
    "baiduprotect1.jar": u"百度加固",
    "baiduprotect.jar": u"百度加固",

    # Kiwi (Jiwei)
    "kdpdata.so": u"几维加固",
    "dex.dat": u"几维加固",
    "libkdp.so": u"几维加固",
    "libkwscmm.so": u"几维加固",

    # DexProtect
    "dp.arm-v7.so.dat": u"DexProtect加固",
    "dp.arm.so.dat": u"DexProtect加固",

    # Haiyun'an
    "libitsec.so": u"海云安加固",

    # apktoolplus
    "libapktoolplus_jiagu.so": u"apktoolplus加固",

    # Shanda
    "libapssec.so": u"盛大加固",

    # Rising
    "librsprotect.so": u"瑞星加固",

    # UU Safe
    "libuusafe.jar.so": u"UU安全加固",
    "libuusafe.so": u"UU安全加固",
    "libuusafeempty.so": u"UU安全加固",

    # China Mobile
    "libcmvmp.so": u"中国移动安全加固",
    "libmogosec_dex.so": u"中国移动安全加固",
    "libmogosec_sodecrypt.so": u"中国移动安全加固",
    "libmogosecurity.so": u"中国移动安全加固",

    # Shanhu Lingyu
    "libreincp.so": u"珊瑚灵御加固",
    "libreincp_x86.so": u"珊瑚灵御加固",
}

# Scratch directory (relative to the current working directory) that the APK
# is unpacked into and that removeUnZipFile() deletes afterwards.
UNZIP_PATH = os.path.join(".", "checkProtectUnzip")

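def unZipApk(apkPath):
    """Unpack the APK at *apkPath* into UNZIP_PATH.

    Returns 1 once extraction has finished. Errors raised by zipfile (missing
    file, not a zip archive, ...) propagate to the caller.

    The APK is untrusted input. extractall() writes every member to disk with
    no cap on the decompressed size, so run the tool in a throw-away working
    directory. The rest of this script only consumes file *names*
    (see getSoList), so reading ZipFile.namelist() instead of extracting
    would avoid touching the disk at all.
    """
    # Leftovers from an earlier interrupted run would otherwise be scanned
    # together with this APK and could report a packer it does not contain.
    shutil.rmtree(UNZIP_PATH, ignore_errors=True)
    # The context manager closes the archive even when extractall() raises.
    with zipfile.ZipFile(apkPath, 'r') as apk:
        apk.extractall(path=UNZIP_PATH)
    return 1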

def getSoList():
    """Collect the distinct file names under UNZIP_PATH that contain ".so".

    The test is a substring match, not a suffix match, so names such as
    "dp.arm.so.dat" are included too. Only the base name is kept (the
    directory is dropped), and each name appears once, in the order
    os.walk first yields it.
    """
    found = []
    for _root, _dirs, filenames in os.walk(UNZIP_PATH):
        for filename in filenames:
            if r".so" not in filename or filename in found:
                continue
            found.append(filename)
    return found

def removeUnZipFile():
    """Delete the extraction directory UNZIP_PATH and everything in it.

    shutil.rmtree raises if the directory does not exist.
    """
    scratch_dir = UNZIP_PATH
    shutil.rmtree(scratch_dir)

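def checkProtect():
    """Print the packer label for the unpacked APK, then remove the unpack dir.

    Every name returned by getSoList() is looked up in PROTECTFLAG_DICT by
    exact match. The first hit is printed and the scan stops, so an APK
    carrying files from several packers is reported as the first one only.
    When nothing matches, the message says the APK is either unprotected or
    not covered by the signature table; a miss is therefore not proof that
    the APK is unpacked.

    The extraction directory is removed in a ``finally`` block so it does not
    survive an error during the scan and pollute the next run.
    """
    try:
        for soName in getSoList():
            packer = PROTECTFLAG_DICT.get(soName)
            if packer is not None:
                # Single-argument print(...) behaves the same under the
                # Python 2 print statement and the Python 3 print function.
                print("该Apk加固方式为:")
                print("**********************")
                print(packer)
                print("**********************")
                break
        else:
            # Loop finished without a break: no known signature was found.
            print("该Apk未加固或特征库未收录!")
    finally:
        removeUnZipFile()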


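def main():
    """Command-line entry point: unpack the APK named in argv[1] and scan it.

    Exits with status 1 and a usage line on stderr when no APK path is given,
    instead of failing with an IndexError on sys.argv[1].
    """
    if len(sys.argv) < 2:
        sys.stderr.write("用法: python %s <apk文件路径>\n" % sys.argv[0])
        sys.exit(1)
    if unZipApk(sys.argv[1]) == 1:
        checkProtect()


if __name__ == '__main__':
    main()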

ps:好久没码python,感觉风格又回去了 = =

欢迎提bug,也欢迎其他想法
