由于市面上的安卓查壳工具太老了,分析了一波思路,原理就是在 APK 里寻找 so 文件,按文件名与市面主流加固的特征库对比(纯文件名匹配,只能算启发式判断:加固厂商把库改个名就能绕过,结果需要人工确认)。
最近在分析南航的时候,发现有个版本是启明星辰加固的,于是就有了这个想法。
不多bb,贴代码
import os
import sys
import shutil
import zipfile
# Native-library ("so layer") signature table: file name shipped by a packer -> vendor label.
# Matching is by exact file name only, so a renamed or repacked library is not
# detected; treat a hit as a hint about which packer was used, not as proof.
# NOTE(review): a few keys (ijiami.dat, aliprotect.dat, mix.dex) are not .so
# files; walk_folder only consults this table for files under a "lib" directory,
# so they match only if the APK ships them there.
so_dict = {
    "libchaosvmp.so": "娜迦",
    "libddog.so": "娜迦",
    "libfdog.so": "娜迦",
    "libedog.so": "娜迦企业版",
    "libexec.so": "爱加密",
    "libexecmain.so": "爱加密",
    "ijiami.dat": "爱加密",
    "ijiami.ajm": "爱加密企业版",
    "libsecexe.so": "梆梆免费版",
    "libsecmain.so": "梆梆免费版",
    "libSecShell.so": "梆梆免费版",
    "libDexHelper.so": "梆梆企业版",
    "libDexHelper-x86.so": "梆梆企业版",
    "libprotectClass.so": "360",
    "libjiagu.so": "360",
    "libjiagu_art.so": "360",
    "libjiagu_x86.so": "360",
    "libegis.so": "通付盾",
    "libNSaferOnly.so": "通付盾",
    "libnqshield.so": "网秦",
    "libbaiduprotect.so": "百度",
    "aliprotect.dat": "阿里聚安全",
    "libsgmain.so": "阿里聚安全",
    "libsgsecuritybody.so": "阿里聚安全",
    "libmobisec.so": "阿里聚安全",
    "libtup.so": "腾讯",
    "libshell.so": "腾讯",
    "mix.dex": "腾讯",
    "libtosprotection.armeabi.so": "腾讯御安全",
    "libtosprotection.armeabi-v7a.so": "腾讯御安全",
    "libtosprotection.x86.so": "腾讯御安全",
    "libnesec.so": "网易易盾",
    "libAPKProtect.so": "APKProtect",
    "libkwscmm.so": "几维安全",
    "libkwscr.so": "几维安全",
    "libkwslinker.so": "几维安全",
    "libx3g.so": "顶像科技",
    "libapssec.so": "盛大",
    "librsprotect.so": "瑞星",
}
# Signature table for files that a packer drops under assets/ (rather than lib/):
# file name -> vendor label. Same caveat as so_dict: file-name matching only.
assets_dict = {
    "libvenSec.so": "启明星辰",
    "libvenustech.so": "启明星辰",
}
# Directory the script is run from; APKs are looked up here.
BASE_PATH = os.getcwd()
# Scratch directory the APK is unpacked into, created next to the APKs.
TUOKE_PATH = os.path.join(BASE_PATH, "pack_apk")
print(TUOKE_PATH)
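def zip_apk(apk_name, file_path):
    """Unpack the APK ``apk_name`` (a zip archive) into directory ``file_path``.

    Any previous contents of ``file_path`` are deleted first: the detection
    step walks this directory, so files left over from an earlier APK would
    otherwise be attributed to the current one. Only ever pass a dedicated
    scratch directory here -- the whole tree is removed.

    Raises ``zipfile.BadZipFile`` if ``apk_name`` is not a valid zip archive.

    NOTE(review): ``ZipFile.extractall`` strips absolute paths and ``..``
    components from member names, so path traversal out of ``file_path`` is
    not a concern, but nothing bounds the decompressed size; only unpack
    APKs from sources you trust not to be decompression bombs.
    """
    if os.path.isdir(file_path):
        shutil.rmtree(file_path)
    with zipfile.ZipFile(apk_name, "r") as z:
        z.extractall(path=file_path)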
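# Walk the unpacked APK tree looking for known packer files.
def walk_folder(folder_path, so_table=None, assets_table=None):
    """Return the vendor label of the first packer signature found under ``folder_path``.

    Files under an ``assets`` directory are looked up in ``assets_table``
    (default: the module-level ``assets_dict``); files under a ``lib``
    directory in ``so_table`` (default: ``so_dict``). Directory names are
    compared as whole path components *relative to* ``folder_path``, so the
    location of ``folder_path`` itself (say, a parent directory named
    ``lib``) can no longer turn every file into a candidate, and names such
    as ``library`` do not match.

    Returns ``'未加固或无法检测'`` when nothing matches (including when
    ``folder_path`` does not exist, since ``os.walk`` then yields nothing).

    Matching is by file name only, so a packer that renames its libraries is
    not detected. ``os.walk`` order is not guaranteed; for an APK carrying
    signatures of several vendors the result is whichever is met first.
    """
    if so_table is None:
        so_table = so_dict
    if assets_table is None:
        assets_table = assets_dict
    for root, _dirs, files in os.walk(folder_path):
        rel = os.path.normpath(os.path.relpath(root, folder_path))
        parts = [] if rel == os.curdir else rel.split(os.sep)
        if "assets" in parts:
            for name in files:
                if name in assets_table:
                    return assets_table[name]
        if "lib" in parts:
            for name in files:
                if name in so_table:
                    return so_table[name]
    return '未加固或无法检测'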
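# Identify the packer from the native libraries an APK ships.
# Signatures live under lib/<abi>/ (e.g. armeabi-v7a or arm64-v8a) or under assets/.
if __name__ == "__main__":
    print("==========请确保该目录下只有一个APK===========")
    for file in os.listdir(BASE_PATH):
        # Match on the extension, case-insensitively; the previous substring
        # test also picked up names such as "foo.apk.bak".
        if not file.lower().endswith(".apk"):
            continue
        apk_path = os.path.join(BASE_PATH, file)
        # A directory that happens to be named *.apk is not an archive.
        if not os.path.isfile(apk_path):
            continue
        print("==========找到apk,开始查壳========")
        print("========== AOLIGEI ========")
        zip_apk(apk_name=apk_path, file_path=TUOKE_PATH)
        print(f"加固->:{walk_folder(TUOKE_PATH)}=======")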