apk_shell_detect.py

# author: myc

import sys
import zipfile

shell_features = {
    "libchaosvmp.so":"娜迦",
    "libddog.so":"娜迦",
    "libfdog.so":"娜迦",
    "libedog.so":"娜迦企业版",
    "libexec.so":"爱加密",
    "libexecmain.so":"爱加密",
    "ijiami.dat":"爱加密",
    "ijiami.ajm":"爱加密企业版",
    "libsecexe.so":"梆梆免费版",
    "libsecmain.so":"梆梆免费版",
    "libSecShell.so":"梆梆免费版",
    "libDexHelper.so":"梆梆企业版",
    "libDexHelper-x86.so":"梆梆企业版",
    "libprotectClass.so":"360",
    "libjiagu.so":"360",
    "libjiagu_art.so":"360",
    "libjiagu_x86.so":"360",
    "libegis.so":"通付盾",
    "libNSaferOnly.so":"通付盾",
    "libnqshield.so":"网秦",
    "libbaiduprotect.so":"百度",
    "aliprotect.dat":"阿里聚安全",
    "libsgmain.so":"阿里聚安全",
    "libsgsecuritybody.so":"阿里聚安全",
    "libmobisec.so":"阿里聚安全",
    "libtup.so":"腾讯",
    "libexec.so":"腾讯",
    "libshell.so":"腾讯",
    "mix.dex":"腾讯",
    "lib/armeabi/mix.dex":"腾讯",
    "lib/armeabi/mixz.dex":"腾讯",
    "libtosprotection.armeabi.so":"腾讯御安全",
    "libtosprotection.armeabi-v7a.so":"腾讯御安全",
    "libtosprotection.x86.so":"腾讯御安全",
    "libnesec.so":"网易易盾",
    "libAPKProtect.so":"APKProtect",
    "libkwscmm.so":"几维安全",
    "libkwscr.so":"几维安全",
    "libkwslinker.so":"几维安全",
    "libx3g.so":"顶像科技",
    "libapssec.so":"盛大",
    "librsprotect.so":"瑞星"
}


def extra_zip(zip_path):
    zip_file = zipfile.ZipFile(zip_path)
    name_list = zip_file.namelist()
    return name_list


def shell_detect(apk_path):
    shell_name = "unknown"
    name_list = extra_zip(apk_path)
    for name in name_list:
        for feature, shell in shell_features.items():
            if feature in name:
                shell_name = shell
    print("Shell: {}".format(shell_name))


if __name__ == '__main__':
    if len(sys.argv) != 2:
        print("Usage:\n\t{} <apk_path>\t".format(sys.argv[0]))
        sys.exit(0)
    shell_detect(sys.argv[1])