Python script: identifying the APP hardening (packer) vendor

2020-8-21 宋宋宋

Nothing technically sophisticated here; the point is collecting hardening "signatures" ~

Script directory:

{4CDB9158-ADAB-4EE9-9AF2-BE2806EA466D}_20200821184248.jpg


jiagu_config.txt contains the signatures I collected:

{"360": [".appkey","libjiagu.so"]}
{"爱加密": ["libexecmain.so","ijiami.ajm","af.bin","signed.bin","libexec.so","libexec.so"]}
{"几维安全": ["dex.dat","kdpdata.so","libkdp.so","libkwscmm.so"]}
{"梆梆安全免费版": ["secData0.jar","libSecShell.so","libSecShell-x86.so"]}
{"梆梆安全定制版": ["classes.jar","DexHelper.so"]}
{"腾讯加固": ["libshella-xxxx.so","libshellx-xxxx.so","mix.dex","mixz.dex"]}
{"腾讯御安全": ["libtosprotection.armeabi-v7a.so","libtosprotection.armeabi.so","libtosprotection.x86.so","tosversion","libtest.so","libTmsdk-xxx-mfr.so"]}
{"顶象技术": ["libx3g.so"]}
{"阿里加固": ["libfakejni.so","libzuma.so","libzumadata.so","libpreverify1.so","classes.dex.dat","dp.arm-v7.so.dat","dp.arm.so.dat"]}
{"百度加固": ["libbaiduprotect.so","baiduprotect1.jar","baiduprotect.jar"]}
{"海云安加固": ["itse","libitsec.so","jiagu_data.bin","sign.bin","libapktoolplus_jiagu.so"]}
{"娜迦": ["libedog.so","libddog.so","libchaosvmp.so","libedog.so"]}
{"通付盾": ["libegis.so"]}
{"盛大加固": ["libapssec.so"]}
{"瑞星加固": ["librsprotect.so"]}
{"网秦加固": ["libnqshield.so"]}
{"uu安全": ["libuusafe.jar.so","libuusafe.so","libuusafeempty.so"]}
{"中国移动加固": ["mogosec_classes","mogosec_data","mogosec_dexinfo","mogosec_march","libcmvmp.so","libmogosec_dex.so","libmogosec_sodecrypt.so","libmogosecurity.so"]}
{"珊瑚灵御": ["libreincp.so","libreincp_x86.so"]}

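PS: I spent a long time editing this... The structure of this config file is not good, though: it should be a single JSON file rather than one JSON object per line, but I don't feel like changing it...

If you need to maintain the signatures, that is also very simple: just add them.

main.py is the main code: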

import sys
import json
import zipfile
import argparse

class CheckApp():
    '''
    Identify the hardening vendor, offer unpacking suggestions, attempt automated unpacking.
    '''
    def __init__(self, myapp):
        self.jiagu_app = myapp
        self.jiagu_config = 'jiagu_config.txt'
        self.jiagu_fuck_config = 'jiagu_fconfig.txt'
        self.allFileName = []

    def findFileName(self):
        # Collect the base name of every entry under assets/ or lib/ in the APK
        with zipfile.ZipFile(self.jiagu_app) as zip_file:
            for evFileName in zip_file.namelist():
                if 'assets/' in evFileName or 'lib/' in evFileName:
                    self.allFileName.append(evFileName.split('/')[-1])
        return self.allFileName

    def checkJiagu(self):
        # The config holds one JSON object per line: {"vendor": ["signature file", ...]}
        with open(self.jiagu_config,'r',encoding='utf8') as r:
            for line in r:
                if not line.strip():
                    continue  # tolerate blank lines in the config
                jiaguArray = json.loads(line.strip())
                jiaguCompany = list(jiaguArray.keys())[0]
                jiaguFile = list(jiaguArray.values())[0]
                for evjiaguFile in jiaguFile:
                    if evjiaguFile in self.allFileName:
                        # Return the first vendor whose signature file is present
                        return jiaguCompany,evjiaguFile
        return False

    def fuckJiagu(self):
        pass

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.description='please input apk name'
    parser.add_argument("-a", help="apkname", dest="apkname", type=str, default=False)
    args = parser.parse_args()

    if args.apkname is False:
        print('please input apk name : main.py -a test.apk')
        sys.exit()

    try:
        ca = CheckApp(args.apkname)
        ca.findFileName()
        finares = ca.checkJiagu()
        if finares:
            print('OK : Company: {0} - File: {1}'.format(*finares))
        else:
            # No match is a normal result, not an error
            print('OK : no known signature matched')
    except Exception as e:
        print('Error : Bad check')
        # --> you can print(e)

The -a parameter specifies the APP name; output:

{C78BDB0A-4614-4843-A2C3-E15C6E2D60C2}_20200821185307.jpg

No attachment is provided for download; just copy the code directly.
Q: Is this reinventing the wheel?
A: Possibly.
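
An added example (not the author's code) that extends the matching in main.py: it reports every vendor whose signature is present instead of stopping at the first, and, as an assumption, treats the xxx / xxxx runs in entries such as libshella-xxxx.so as placeholders for a version string, which an exact comparison never matches against a real file name. The function names, the three-line config sample and the in-memory APK are constructed for illustration.

```python
import io
import json
import re
import zipfile

# Constructed sample: three lines copied from jiagu_config.txt (one JSON object per line).
SAMPLE_CONFIG = '''\
{"360": [".appkey","libjiagu.so"]}
{"腾讯加固": ["libshella-xxxx.so","libshellx-xxxx.so","mix.dex","mixz.dex"]}
{"百度加固": ["libbaiduprotect.so","baiduprotect1.jar","baiduprotect.jar"]}
'''

def compile_signature(name):
    # Assumption: a run of three or more 'x' stands for a variable version
    # string; every other character must match literally.
    parts = re.split(r'x{3,}', name)
    return re.compile('.+'.join(re.escape(p) for p in parts))

def load_signatures(text):
    # One JSON object per line, as in jiagu_config.txt -> [(vendor, pattern), ...]
    sigs = []
    for line in filter(str.strip, text.splitlines()):
        for vendor, names in json.loads(line).items():
            sigs.extend((vendor, compile_signature(n)) for n in set(names))
    return sigs

def scan_apk(apk, sigs):
    # apk: path or file-like object. Returns {vendor: sorted matching entries}.
    hits = {}
    with zipfile.ZipFile(apk) as zf:
        for entry in zf.namelist():
            if entry.startswith(('assets/', 'lib/')):
                base = entry.rsplit('/', 1)[-1]
                for vendor, pattern in sigs:
                    if pattern.fullmatch(base):
                        hits.setdefault(vendor, set()).add(entry)
    return {v: sorted(e) for v, e in hits.items()}

def make_sample_apk():
    # Constructed input: an in-memory zip with APK-like entry names, no real app.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        for name in ('classes.dex', 'assets/mix.dex', 'res/raw/libjiagu.so',
                     'lib/armeabi-v7a/libshella-2.10.1.so', 'lib/armeabi-v7a/libnative.so'):
            zf.writestr(name, b'')
    return buf

if __name__ == '__main__':
    print(scan_apk(make_sample_apk(), load_signatures(SAMPLE_CONFIG)))
```

Listing every matching entry per vendor also makes false positives easier to spot, since a generic name such as mix.dex matching alone is weaker evidence than a vendor-specific library.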


Tags: Android python
