1. Mainstream mobile hardening products
Judging by market adoption and promotion, the mobile-terminal hardening (reinforcement) products that have taken shape and are sold on the market mainly include:
1. Love encryption reinforcement
2. Bang Bang reinforcement
3. Tencent Legu
4. Netease Easy shield
5. 360 reinforcement
6. Ali Cloud reinforcement
7. Baidu reinforcement
8. Naga reinforcement
9.
2. Detailed analysis of mobile terminal security
2.1 Love encryption reinforcement
1. After hardening, there are two Application entry classes: SuperApplication and NativeApplication.
2. After reinforcement, the APK entry point becomes com.shell.SuperApplication.
3. After hardening, three files are added to the assets directory: ijiami.dat, iJiami2.dat, and ijiami.ajm.
4. Two so files are added: libexec.so and libexecmain.so.
2.2 Bang Bang reinforcement
1. After hardening, the secData0.jar file is added to the assets directory.
2. After hardening, several so files are added, such as libsecshell.so, libsecshell_x86.so, and libsecshell_art.so.
3. After reinforcement, the APK entry class becomes com.secshell.shellwrapper.SecAppWrapper.
2.3 Tencent Legu
1. After reinforcement, the APK entry point becomes com.tencent.StubShell.TxAppEntry.
2. After hardening, several new files are added to the lib directory: liblegudb.so, libshella-2.10.2.3.so, and mix.dex.
2.4 Netease Easy Shield reinforcement
1. After the hardening, the libnesec file is added to the libs directory.
2.5 360 reinforcement
2. Several new so files are added to the assets directory: libjiagu.so, libjiagu_ls.so, libjiagu_x86.so, and libjiagu_art.so.
2.6 Ali Cloud Hardening
1. The shell entry point is still the original APK entry point, but the methods are extracted and made native.
2. After hardening, a new file is added to the assets directory: libdemolishdata.so
3. After hardening, a new file is added to the libs directory: libdemolish.so
2.7 Baidu Reinforcement
1. After reinforcement, the APK entry point becomes com.baidu.protect.StubApplication.
2. Several files are added to the assets and libs directories: libbaiduprotect.so, libbaiduprotect_xx.so, libbaiduprotect_art.so, baiduprotect1.jar.
2.8 Naga Reinforcement
1. After hardening, several so files are added to the libs directory: libddog.so, libcdog.so, libfdog.so
2.9 Top image reinforcement
1. After reinforcement, the APK entry points are still the original ones, but all of them are native and live in so files, with the corresponding methods implemented in ARM code.
2. After hardening, the libjni.so and libsec.so files are added to the libs directory.
3. Identifying mobile terminal hardening
3.1 Identification and detection methods
Identification works by reading the file feature attributes directly from the APK and comparing them with the known hardening features: as long as the APK contains the feature attributes of a hardening product, the APK has been hardened.
3.2 Code Implementation
The following C++ implementation reads the APK file (an APK is actually a zip file) and compares the names of the files it contains:
CString CApkScanToolDlg::IsAndroidApkProtect()
{
    CString EncryptType;
    vector<CString>::iterator it;
    UpdateData(FALSE);
    // Read the list of file names stored in the APK (a zip archive)
    ZipFileData m_zipFiledata;
    m_zipFiledata.GetZipFileData(m_filePath.GetBuffer(m_filePath.GetLength()));
    for (it = m_zipFiledata.m_fileInfo.begin(); it != m_zipFiledata.m_fileInfo.end(); it++)
    {
        CString ExtenName = GetFileExtenName(*it);
        // Only .so, .dex and .dat entries are compared
        if ("so" == ExtenName || "dex" == ExtenName || "dat" == ExtenName)
        {
            CString temp = GetFileName(*it);
            // libexec.so is also listed in the Love Encryption branch below;
            // this branch is tested first, so libexec.so is reported as Tencent
            if ("libtup.so" == temp || "libexec.so" == temp || "libshell.so" == temp || "mix.dex" == temp)
            {
                EncryptType = "Tencent";
                return EncryptType;
            }
            else if ("libsgmain.so" == temp || "aliprotect.dat" == temp || "libsgsecuritybody.so" == temp || "libmobisec.so" == temp)
            {
                EncryptType = "Ali gather security.";
                return EncryptType;
            }
            else if ("libchaosvmp.so" == temp || "libddog.so" == temp || "libfdog.so" == temp)
            {
                EncryptType = "Naga";
                return EncryptType;
            }
            else if ("libkwscmm.so" == temp || "libkwscr.so" == temp || "libkwslinker.so" == temp)
            {
                EncryptType = "Kiwi security";
                return EncryptType;
            }
            else if ("libtosprotection.x86.so" == temp || "libtosprotection.armeabi-v7a.so" == temp || "libtosprotection.armeabi.so" == temp)
            {
                EncryptType = "Tencent Royal Security";
                return EncryptType;
            }
            // The two libtosprotection names are already handled by the branch above,
            // so only libsecexe.so can match here
            else if ("libsecexe.so" == temp || "libtosprotection.armeabi-v7a.so" == temp || "libtosprotection.armeabi.so" == temp)
            {
                EncryptType = "Bang bang Free";
                return EncryptType;
            }
            else if ("libDexHelper.so" == temp || "libDexHelper-x86.so" == temp)
            {
                EncryptType = "Bang Bang Corporate";
                return EncryptType;
            }
            else if ("libexec.so" == temp || "libexecmain.so" == temp || "ijiami.dat" == temp)
            {
                EncryptType = "Love Encryption Free edition";
                return EncryptType;
            }
            else if ("libprotectClass.so" == temp || "libjiagu.so" == temp || "libjiagu_art.so" == temp || "libjiagu_x86.so" == temp)
            {
                EncryptType = "360";
                return EncryptType;
            }
            else if ("libegis.so" == temp || "libNSaferOnly.so" == temp)
            {
                EncryptType = "Payment shield";
                return EncryptType;
            }
            else if ("ijiami.ajm" == temp)
            {
                EncryptType = "Love Encryption Enterprise edition";
                return EncryptType;
            }
            else if ("libedog.so" == temp)
            {
                EncryptType = "Naga Enterprise edition";
                return EncryptType;
            }
            else if ("libnqshield.so" == temp)
            {
                EncryptType = "Nets qin";
                return EncryptType;
            }
            else if ("librsprotect.so" == temp)
            {
                EncryptType = "Rising";
                return EncryptType;
            }
            else if ("libbaiduprotect.so" == temp)
            {
                EncryptType = "Baidu";
                return EncryptType;
            }
            else if ("libapssec.so" == temp)
            {
                EncryptType = "Shanda Encryption";
                return EncryptType;
            }
            else if ("libx3g.so" == temp)
            {
                EncryptType = "Top Image Technology";
                return EncryptType;
            }
            else if ("libAPKProtect.so" == temp)
            {
                EncryptType = "APKProtect";
                return EncryptType;
            }
            else if ("libnesec.so" == temp)
            {
                EncryptType = "Netease Yi Dun";
                return EncryptType;
            }
        }
    }
    // No known marker file was found
    EncryptType = "Congratulations on not hardening the App file.";
    return EncryptType;
}
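The same file-feature comparison as an added example (not the original author's code), written in Python with the standard zipfile module in place of the page's ZipFileData helper. It goes beyond the C++ above by collecting every match with its evidence instead of returning on the first hit, and by also searching AndroidManifest.xml for the entry classes listed in section 2; the marker tables are copied from section 2, while the manifest size cap, the byte-search heuristic and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from collections import defaultdict

# File names (lower-cased) and entry classes listed in section 2 of this page.
FILE_MARKERS = {
    "Love encryption": {"ijiami.dat", "ijiami.ajm", "libexec.so", "libexecmain.so"},
    "Bang Bang": {"secdata0.jar", "libsecshell.so", "libsecshell_x86.so", "libsecshell_art.so"},
    "Tencent Legu": {"liblegudb.so", "mix.dex"},
    "Netease Easy Shield": {"libnesec.so"},
    "360": {"libjiagu.so", "libjiagu_ls.so", "libjiagu_x86.so", "libjiagu_art.so"},
    "Ali Cloud": {"libdemolishdata.so", "libdemolish.so"},
    "Baidu": {"libbaiduprotect.so", "libbaiduprotect_art.so", "baiduprotect1.jar"},
    "Naga": {"libddog.so", "libcdog.so", "libfdog.so"},
}
ENTRY_CLASSES = {
    "Love encryption": "com.shell.SuperApplication",
    "Bang Bang": "com.secshell.shellwrapper.SecAppWrapper",
    "Tencent Legu": "com.tencent.StubShell.TxAppEntry",
    "Baidu": "com.baidu.protect.StubApplication",
}
MAX_MANIFEST = 4 * 1024 * 1024  # assumption: refuse to inflate an oversized manifest


def identify_hardening(apk_bytes):
    """Return {vendor: sorted evidence} for every marker found, not only the first hit."""
    evidence = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            for vendor, names in FILE_MARKERS.items():
                if base in names:
                    evidence[vendor].add(info.filename)
            if info.filename == "AndroidManifest.xml" and info.file_size <= MAX_MANIFEST:
                manifest = apk.read(info)
                # Heuristic: the binary manifest's string pool is UTF-8 or UTF-16LE.
                for vendor, cls in ENTRY_CLASSES.items():
                    if cls.encode("utf-8") in manifest or cls.encode("utf-16-le") in manifest:
                        evidence[vendor].add("entry class " + cls)
    return {vendor: sorted(found) for vendor, found in evidence.items()}


def build_sample_apk():
    """Constructed sample archive (not a real app) carrying Love encryption markers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name in ("lib/armeabi/libexec.so", "lib/armeabi/libexecmain.so", "assets/ijiami.dat"):
            apk.writestr(name, b"")
        apk.writestr("AndroidManifest.xml", "com.shell.SuperApplication".encode("utf-16-le"))
    return buf.getvalue()
```

Because the tables follow section 2, libexec.so counts only towards Love encryption here, and the result does not depend on the order of entries in the archive.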