由于市面上的安卓查殼工具太老了，分析了一波思路，原理就是尋找 so 文件和市面的主流加固對比（僅憑文件名比對，改名或自研加固會漏判）。
最近在分析南航的時候，發現有個版本是啟明星辰加固的，于是就有了這個想法。
不多bb，貼代碼：
import os
import sys
import shutil
import zipfile
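# so-layer rules: native library / data file names that a known packer
# ships inside the APK, mapped to the packer's label. Matching is by exact
# file name only (see walk_folder), so a renamed or unknown runtime is missed.
# Labels were garbled by a Simplified->Traditional conversion ("企業(yè)版",
# "網(wǎng)秦"); they are restored here so the printed result is readable.
so_dict: dict[str, str] = {
    # 娜迦 (Nagain)
    "libchaosvmp.so": "娜迦",
    "libddog.so": "娜迦",
    "libfdog.so": "娜迦",
    "libedog.so": "娜迦企業版",
    # 愛加密 (ijiami)
    "libexec.so": "愛加密",
    "libexecmain.so": "愛加密",
    "ijiami.dat": "愛加密",
    "ijiami.ajm": "愛加密企業版",
    # 梆梆 (Bangcle)
    "libsecexe.so": "梆梆免費版",
    "libsecmain.so": "梆梆免費版",
    "libSecShell.so": "梆梆免費版",
    "libDexHelper.so": "梆梆企業版",
    "libDexHelper-x86.so": "梆梆企業版",
    # 360
    "libprotectClass.so": "360",
    "libjiagu.so": "360",
    "libjiagu_art.so": "360",
    "libjiagu_x86.so": "360",
    # 通付盾
    "libegis.so": "通付盾",
    "libNSaferOnly.so": "通付盾",
    # 網秦 (NetQin)
    "libnqshield.so": "網秦",
    # 百度
    "libbaiduprotect.so": "百度",
    # 阿里聚安全
    "aliprotect.dat": "阿里聚安全",
    "libsgmain.so": "阿里聚安全",
    "libsgsecuritybody.so": "阿里聚安全",
    "libmobisec.so": "阿里聚安全",
    # 騰訊 (Tencent)
    "libtup.so": "騰訊",
    "libshell.so": "騰訊",
    "mix.dex": "騰訊",
    "libtosprotection.armeabi.so": "騰訊御安全",
    "libtosprotection.armeabi-v7a.so": "騰訊御安全",
    "libtosprotection.x86.so": "騰訊御安全",
    # 網易易盾
    "libnesec.so": "網易易盾",
    # APKProtect
    "libAPKProtect.so": "APKProtect",
    # 幾維安全 (Kiwisec)
    "libkwscmm.so": "幾維安全",
    "libkwscr.so": "幾維安全",
    "libkwslinker.so": "幾維安全",
    # 頂像科技
    "libx3g.so": "頂像科技",
    # 盛大
    "libapssec.so": "盛大",
    # 瑞星
    "librsprotect.so": "瑞星",
}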
# assets-layer rules: file names under assets/ that identify a packer.
# Both known 啟明星辰 (Venustech) runtime names map to the same label.
assets_dict = dict.fromkeys(
    ("libvenSec.so", "libvenustech.so"),
    "啟明星辰",
)
# The script scans the directory it was launched from and unpacks APKs
# into a 'pack_apk' subdirectory of it; the target is echoed at import time.
BASE_PATH = os.getcwd()
TUOKE_PATH = os.path.join(BASE_PATH, "pack_apk")
print(TUOKE_PATH)
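def zip_apk(apk_name, file_path):
    """Unpack the APK at ``apk_name`` (a zip archive) into ``file_path``.

    ``file_path`` is wiped first: the original extracted on top of whatever
    a previous run left behind, so a stale ``lib/`` from another APK could
    make walk_folder report the wrong packer.

    The APK is untrusted input. Every member name is resolved against the
    extraction directory before anything is written, and an entry that
    would land outside it (absolute path or ``..`` traversal) aborts the
    whole extraction rather than being silently rewritten.

    Args:
        apk_name: path to the APK file.
        file_path: directory to extract into (created if missing).

    Raises:
        zipfile.BadZipFile: ``apk_name`` is not a valid zip archive.
        ValueError: an archive member would resolve outside ``file_path``.
    """
    # Start from an empty directory so nothing from an earlier scan survives.
    shutil.rmtree(file_path, ignore_errors=True)
    os.makedirs(file_path, exist_ok=True)
    dest_root = os.path.realpath(file_path)
    with zipfile.ZipFile(apk_name, "r") as archive:
        # Check all names up front; failing mid-way would leave a half-written tree.
        for member in archive.namelist():
            target = os.path.realpath(os.path.join(dest_root, member))
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError(
                    f"refusing to extract {member!r}: resolves outside {file_path!r}"
                )
        archive.extractall(path=file_path)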
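# Walk the extracted APK and look up file names against the packer tables.
def walk_folder(folder_path, so_rules=None, assets_rules=None):
    """Identify the packer of an unpacked APK from its bundled file names.

    Walks ``folder_path`` (the extraction directory). Files inside an
    ``assets`` directory are matched against ``assets_rules``; files inside
    a ``lib`` directory (typically ``lib/<abi>/``) against ``so_rules``.
    The first hit wins, and since os.walk's directory order is not
    defined, an APK that matches several rules may report either.

    Detection is purely name-based: a packer that renames its runtime, or
    one not in the tables, is reported as undetected.

    Args:
        folder_path: root of the unpacked APK.
        so_rules: file name -> packer label for ``lib`` entries;
            defaults to the module-level ``so_dict``.
        assets_rules: file name -> packer label for ``assets`` entries;
            defaults to the module-level ``assets_dict``.

    Returns:
        The packer label, or ``'未加固或無法檢測'`` when nothing matched.
    """
    so_rules = so_dict if so_rules is None else so_rules
    assets_rules = assets_dict if assets_rules is None else assets_rules
    for root, _dirs, files in os.walk(folder_path):
        # Test path *components* relative to the root. The original used a
        # substring test on the absolute path, which also fired whenever the
        # working directory itself contained "lib" or "assets".
        parts = os.path.relpath(root, folder_path).split(os.sep)
        if "assets" in parts:
            for name in files:
                if name in assets_rules:
                    return assets_rules[name]
        if "lib" in parts:
            for name in files:
                if name in so_rules:
                    return so_rules[name]
    return '未加固或無法檢測'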
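# Entry point: find the APK in the current directory, unpack it, and print
# the packer identified from its bundled files.
# Packer runtimes live under lib/<abi>/ (armeabi-v7a, arm64-v8a, ...) or assets/.
if __name__ == '__main__':
    print("==========請確保該目錄下只有一個APK===========")
    for file in os.listdir(BASE_PATH):
        # Match the extension, not a substring: '.apk' in file would also
        # pick up names such as 'foo.apk.bak'. Case-insensitive so FOO.APK works.
        if not file.lower().endswith('.apk'):
            continue
        print("==========找到apk,開始查殼========")
        print("========== AOLIGEI ========")
        try:
            zip_apk(apk_name=os.path.join(BASE_PATH, file), file_path=TUOKE_PATH)
        except (zipfile.BadZipFile, ValueError) as err:
            # A corrupt or path-traversing archive is reported, not scanned.
            print(f"跳過 {file}: {err}")
            continue
        print(f"加固->:{walk_folder(TUOKE_PATH)}=======")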