APK查壳软件(根据so名)

2021-11-22 16:23:45 浏览数 (2)

基于so文件名特征的查壳小软件,支持输入文件路径和导入文件两种模式。

下载地址: csdn下载 百度网盘下载 提取码: uvmh

下载完成解压后,在 checkappdist 目录下启动 check.exe 文件.

原理比较简单,解压apk后根据so文件名称来判断是否出现在我们指定好的加固样本中

python代码:

代码语言:javascript复制
import zipfile
from tkinter import Tk, END,Label,Entry,W,Button,Text
import threading
from tkinter import filedialog


class shellDetector():
	def __init__(self):
		self.shellfeatures={
			"libchaosvmp.so":u"娜迦",
			"libddog.so":u"娜迦",
			"libfdog.so":u"娜迦",
			"libedog.so":u"娜迦企业版",
			"libexec.so":u"爱加密",
			"libexecmain.so":u"爱加密",
			"ijiami.dat":u"爱加密",
			"ijiami.ajm":u"爱加密企业版",
			"libsecexe.so":u"梆梆免费版",
			"libsecmain.so":u"梆梆免费版",
			"libSecShell.so":u"梆梆免费版",
			"libDexHelper.so":u"梆梆企业版",
			"libDexHelper-x86.so":u"梆梆企业版",
			"libprotectClass.so":u"360",
			"libjiagu.so":u"360",
			"libjiagu_art.so":u"360",
			"libjiagu_x86.so":u"360",
			"libegis.so":u"通付盾",
			"libNSaferOnly.so":u"通付盾",
			"libnqshield.so":u"网秦",
			"libbaiduprotect.so":u"百度",
			"aliprotect.dat":u"阿里聚安全",
			"libsgmain.so":u"阿里聚安全",
			"libsgsecuritybody.so":u"阿里聚安全",
			"libmobisec.so":u"阿里聚安全",
			"libtup.so":u"腾讯",
			"libexec.so":u"腾讯",
			"libshell.so":u"腾讯",
			"mix.dex":u"腾讯",
			"lib/armeabi/mix.dex":u"腾讯",
			"lib/armeabi/mixz.dex":u"腾讯",
			"libtosprotection.armeabi.so":u"腾讯御安全",
			"libtosprotection.armeabi-v7a.so":u"腾讯御安全",
			"libtosprotection.x86.so":u"腾讯御安全",
			"libnesec.so":u"网易易盾",
			"libAPKProtect.so":u"APKProtect",
			"libkwscmm.so":u"几维安全",
			"libkwscr.so":u"几维安全",
			"libkwslinker.so":u"几维安全",
			"libx3g.so":u"顶像科技",
			"libapssec.so":u"盛大",
			"librsprotect.so":u"瑞星"
		}

	def shellDetector(self,apkpath):
		zipfiles=zipfile.ZipFile(apkpath)
		nameList=zipfiles.namelist()
		for fileName in nameList:
			try:
				for shell in self.shellfeatures.keys():
					if shell in fileName:
						shellType=self.shellfeatures[shell]
						result = u"该apk使用了《"   shellType   u"》加固"
						return result
			except:
				return u"unknown"
		return u"该APK未加固或采用未知加固厂商n"


if __name__ == '__main__':
    root = Tk()
    root.title('APK查壳工具 by:lx')
    root.iconbitmap('check.ico')
    root.geometry('300x320')
    lable = Label(root, text='请输入apk路径:', font=('楷体', 15))
    lable.grid()
    entry = Entry(root, font=('楷体', 15))
    entry.grid(row=1, column=0)



    def thread_it(func, *args):
        t = threading.Thread(target=func, args=args)
        t.setDaemon(True)
        t.start()



    def get_apk_path():
        return entry.get()


    def main():
        apk_path = get_apk_path()
        if not apk_path:
            text1.insert(END,'n请输入APK路径',)
            return
        elif str(apk_path).endswith('.apk') ==False:
            text1.insert(END,'n请输入APK的完整路径',)
            return
        sd = shellDetector()
        result = sd.shellDetector(apk_path)
        text2.insert(END,result)



    def main2():
        apk_path = filedialog.askopenfilename()
        if not apk_path:
            text1.insert(END, 'n请选择apk路径', )
            return
        elif str(apk_path).endswith('.apk') == False:
            text1.insert(END, 'n请选择apk的完整路径', )
            return
        sd = shellDetector()
        result = sd.shellDetector(apk_path)
        text2.insert(END, result)


    button1 = Button(root, text='输入路径后点击开始', font=('楷体', 18), command=lambda: thread_it(main, ))
    button1.grid(row=2, column=0, sticky=W, padx=30, pady=10)


    button2 = Button(root, text='可直接导入文件检测', font=('楷体', 18), command=lambda: thread_it(main2, ))
    button2.grid(row=3, column=0, sticky=W, padx=30, pady=10)



    text1 = Text(root, width=40, height=8)
    text1.insert(END,'目前支持检测的加固有:n  [娜迦,娜迦企业版,腾讯,爱加密,爱加密企业版,梆梆免费版,梆梆企业版,360,通付盾,网秦,百度,阿里聚安全,腾讯,网易易盾,APKProtect,几维安全,顶像科技,盛大,瑞星]n')
    text1.grid()
    text2 = Text(root, width=40, height=2)
    text2.grid()
    root.mainloop()

0 人点赞