apk壳检测（改善了下代码坑）编程

简介最近在研究APP脱壳，然后网上撸了个APK壳检测代码，发现Python写的不能直接用，调试了下可以用了，还是花了些时间。
apk壳检测原作者代码：
https://github.com/zsdlove/ApkVulCheck/blob/master/plugin/shellDetector.py

import zipfile ''' first,get namelist from apk second,matching the features thrid,julging for the shellType so easy~~ by zsdlove 2018/8/24 Morning ''' shellfeatures={ "libchaosvmp.so":"娜迦", "libddog.so":"娜迦", "libfdog.so":"娜迦", "libedog.so":"娜迦企业版", "libexec.so":"爱加密", "libexecmain.so":"爱加密", "ijiami.dat":"爱加密", "ijiami.ajm":"爱加密企业版", "libsecexe.so":"梆梆免费版", "libsecmain.so":"梆梆免费版", "libSecShell.so":"梆梆免费版", "libDexHelper.so":"梆梆企业版", "libDexHelper-x86.so":"梆梆企业版", "libprotectClass.so":"360", "libjiagu.so":"360", "libjiagu_art.so":"360", "libjiagu_x86.so":"360", "libegis.so":"通付盾", "libNSaferOnly.so":"通付盾", "libnqshield.so":"网秦", "libbaiduprotect.so":"百度", "aliprotect.dat":"阿里聚安全", "libsgmain.so":"阿里聚安全", "libsgsecuritybody.so":"阿里聚安全", "libmobisec.so":"阿里聚安全", "libtup.so":"腾讯", "libexec.so":"腾讯", "libshell.so":"腾讯", "mix.dex":"腾讯", "lib/armeabi/mix.dex":"腾讯", "lib/armeabi/mixz.dex":"腾讯", "libtosprotection.armeabi.so":"腾讯御安全", "libtosprotection.armeabi-v7a.so":"腾讯御安全", "libtosprotection.x86.so":"腾讯御安全", "libnesec.so":"网易易盾", "libAPKProtect.so":"APKProtect", "libkwscmm.so":"几维安全", "libkwscr.so":"几维安全", "libkwslinker.so":"几维安全", "libx3g.so":"顶像科技", "libapssec.so":"盛大", "librsprotect.so":"瑞星" } def shellDetector(apkpath): shellType="" shellsign="" flag=True zipfiles=zipfile.ZipFile(apkpath) nameList=zipfiles.namelist() for fileName in nameList: for shell in shellfeatures.keys(): if shell in fileName: flag=True shellType=shellfeatures[shell] shellsign=shell break else: flag=False if flag==True: print("经检测，该apk使用了"+shellType+"进行加固") if __name__ == '__main__': shellDetector("test.apk")

``复制或者去GitHub 下载过来你直接运行是会报错的。

文章图片

用IDE打开调试看看发现Python 很严谨，可能作者在复制或者上传过程中，还是浏览器问题，少了个table键，然后少了回车键造成代码运行不了，调试好的代码如下

```python import zipfile ''' first,get namelist from apk second,matching the features thrid,julging for the shellType so easy~~ by zsdlove 2018/8/24 Morning ''' shellfeatures={ "libchaosvmp.so":"娜迦", "libddog.so":"娜迦", "libfdog.so":"娜迦", "libedog.so":"娜迦企业版", "libexec.so":"爱加密", "libexecmain.so":"爱加密", "ijiami.dat":"爱加密", "ijiami.ajm":"爱加密企业版", "libsecexe.so":"梆梆免费版", "libsecmain.so":"梆梆免费版", "libSecShell.so":"梆梆免费版", "libDexHelper.so":"梆梆企业版", "libDexHelper-x86.so":"梆梆企业版", "libprotectClass.so":"360", "libjiagu.so":"360", "libjiagu_art.so":"360", "libjiagu_x86.so":"360", "libegis.so":"通付盾", "libNSaferOnly.so":"通付盾", "libnqshield.so":"网秦", "libbaiduprotect.so":"百度", "aliprotect.dat":"阿里聚安全", "libsgmain.so":"阿里聚安全", "libsgsecuritybody.so":"阿里聚安全", "libmobisec.so":"阿里聚安全", "libtup.so":"腾讯", "libexec.so":"腾讯", "libshell.so":"腾讯", "mix.dex":"腾讯", "lib/armeabi/mix.dex":"腾讯", "lib/armeabi/mixz.dex":"腾讯", "libtosprotection.armeabi.so":"腾讯御安全", "libtosprotection.armeabi-v7a.so":"腾讯御安全", "libtosprotection.x86.so":"腾讯御安全", "libnesec.so":"网易易盾", "libAPKProtect.so":"APKProtect", "libkwscmm.so":"几维安全", "libkwscr.so":"几维安全", "libkwslinker.so":"几维安全", "libx3g.so":"顶像科技", "libapssec.so":"盛大", "librsprotect.so":"瑞星" }def shellDetector(apkpath): shellType="" shellsign="" flag=True zipfiles=zipfile.ZipFile(apkpath) nameList=zipfiles.namelist() for fileName in nameList: for shell in shellfeatures.keys(): if shell in fileName: flag=True shellType=shellfeatures[shell] shellsign=shell break else: flag=False if flag==True: print("经检测，该apk使用了"+shellType+"进行加固")if __name__ == '__main__': shellDetector("test.apk")

``
特别要注意地方：

文章图片

这段代码意思是解压apk 然后检索解压文件里面有没有各厂商特征的加壳文件。有的话就能检测出是哪家厂商的壳。
后面同事帮我修改下代码。

import zipfile ''' first,get namelist from apk second,matching the features thrid,julging for the shellType so easy~~ by zsdlove 2018/8/24 Morning ''' shellfeatures={ "libchaosvmp.so":"娜迦", "libddog.so":"娜迦", "libfdog.so":"娜迦", "libedog.so":"娜迦企业版", "libexec.so":"爱加密", "libexecmain.so":"爱加密", "ijiami.dat":"爱加密", "ijiami.ajm":"爱加密企业版", "libsecexe.so":"梆梆免费版", "libsecmain.so":"梆梆免费版", "libSecShell.so":"梆梆免费版", "libDexHelper.so":"梆梆企业版", "libDexHelper-x86.so":"梆梆企业版", "libprotectClass.so":"360", "libjiagu.so":"360", "libjiagu_art.so":"360", "libjiagu_x86.so":"360", "libegis.so":"通付盾", "libNSaferOnly.so":"通付盾", "libnqshield.so":"网秦", "libbaiduprotect.so":"百度", "aliprotect.dat":"阿里聚安全", "libsgmain.so":"阿里聚安全", "libsgsecuritybody.so":"阿里聚安全", "libmobisec.so":"阿里聚安全", "libtup.so":"腾讯", "libexec.so":"腾讯", "libshell.so":"腾讯", "mix.dex":"腾讯", "lib/armeabi/mix.dex":"腾讯", "lib/armeabi/mixz.dex":"腾讯", "libtosprotection.armeabi.so":"腾讯御安全", "libtosprotection.armeabi-v7a.so":"腾讯御安全", "libtosprotection.x86.so":"腾讯御安全", "libnesec.so":"网易易盾", "libAPKProtect.so":"APKProtect", "libkwscmm.so":"几维安全", "libkwscr.so":"几维安全", "libkwslinker.so":"几维安全", "libx3g.so":"顶像科技", "libapssec.so":"盛大", "librsprotect.so":"瑞星" } def shellDetector(apkpath): shellType="" shellsign="" flag=False zipfiles=zipfile.ZipFile(apkpath) nameList=zipfiles.namelist() for fileName in nameList: for shell in shellfeatures.keys(): if shell in fileName: shellType=shellfeatures[shell] shellsign=shell break else: flag=False if shellType == '': print("经检测，该apk使用了未识别加固方式") else: print("经检测，该apk使用了"+shellType+"进行加固") if __name__ == '__main__': shellDetector("test.apk")

小伙伴们可以关注我微信公众号，一起交流进步，有问题直接留言，我能解答，都会免费解答，没有任何套路。
【apk壳检测（改善了下代码坑）】