Coding With Fun

Android's mainstream shell (packer) features


May 30, 2021



1. Ijiami ("Love encryption") reinforcement:

Ijiami hardening typically has two Application entry classes, SuperApplication and NativeApplication, and the shell entry point is com.shell.SuperApplication. The assets directory contains ijiami.dat, ijiami2.dat and ijiami.ajm. The shell libraries are libexec.so and libexecmain.so, which may be in either the libs directory or the assets directory.


2. Reinforcement:

The assets directory contains secData0.jar, the libs directory contains libSecShell.so, libSecShell_x86.so, libSecShell_art.so, etc., and the shell class is com.secshell.shellwrapper.SecAppWrapper.


3. 360 Reinforcement:

The assets directory often contains libjiagu.so, libjiagu_ls.so, libjiagu_x86.so, libjiagu_art.so, etc. The shell's Application class is often com.stub.StubApp (previous versions may use com.stub.stubxxxxxx), and the shell entry point is com.stub.stub01.Stub01.


4. Alibaba Cloud Reinforcement:

The assets directory contains libdemolishdata.so and the libs directory contains libdemolish.so. The shell's entry point is generally the original entry point, but its methods are extracted and made native.


5. Tencent Legu:

The libs directory often contains liblegudb.so, libshella-2.10.2.3.so and mix.dex, and the shell entry point is com.tencent.StubShell.TxAppEntry.


6. Baidu Reinforcement:

The assets and libs directories often contain libbaiduprotect.so, libbaiduprotect_x86.so, libbaiduprotect_art.so, baiduprotect1.jar, etc., and the shell entry point is com.baidu.protect.StubApplication.


7. Naga Reinforcement:

The libs directory typically contains libddog.so, libcdog.so, libfdog.so, and so on.


8. Top elephant reinforcement:

This hardening is not common. Typically the libs directory has a libjni.so or libsec.so, the entry point is the original entry point, and everything is native, with the corresponding methods written in ARM code inside the .so.
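
The file-name features listed above can be checked automatically when triaging an APK. The script below is an added example, not code from the original article. It matches file names only, not the Application entry class. The shell labels, the wildcard patterns (for example `libshella-*.so` in place of the single version listed) and the searched directories are assumptions of this example.

```python
import fnmatch
import io
import posixpath
import zipfile

# File-name fingerprints taken from the list above. Labels are for this example
# only; "SecShell" stands in for item 2, which the page does not name.
# Item 8 is omitted: libjni.so / libsec.so are too generic to match by name.
SIGNATURES = {
    "Ijiami": ["ijiami*.dat", "ijiami.ajm", "libexec.so", "libexecmain.so"],
    "SecShell": ["secData0.jar", "libSecShell*.so"],
    "360": ["libjiagu*.so"],
    "Alibaba Cloud": ["libdemolishdata.so", "libdemolish.so"],
    "Tencent": ["liblegudb.so", "libshella-*.so", "mix.dex"],
    "Baidu": ["libbaiduprotect*.so", "baiduprotect1.jar"],
    "Naga": ["libddog.so", "libcdog.so", "libfdog.so"],
}
SEARCH_ROOTS = ("assets/", "lib/", "libs/")  # assumption: where shells drop files


def detect_shells(apk):
    """Return {shell label: sorted matching entry paths} for an APK path or file object."""
    hits = {}
    with zipfile.ZipFile(apk) as zf:
        for entry in zf.namelist():
            if not entry.startswith(SEARCH_ROOTS):
                continue
            base = posixpath.basename(entry)
            for shell, patterns in SIGNATURES.items():
                if any(fnmatch.fnmatchcase(base, p) for p in patterns):
                    hits.setdefault(shell, []).append(entry)
    return {shell: sorted(paths) for shell, paths in hits.items()}


def build_sample_apk(entries):
    """Constructed test input: an in-memory zip with empty files at the given paths."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_apk(["classes.dex", "assets/libjiagu.so",
                               "assets/libjiagu_x86.so", "lib/armeabi-v7a/libapp.so"])
    print(detect_shells(sample))
```

A hit only indicates that a shell's files are present; an empty result does not mean the APK is unpacked, since shells 4 and 8 keep the original entry point and item 8 is not matched here.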