首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. Android安全
    3. 发新帖
[原创] 分享一个Jeb3的脚本——人脸识别SDK厂商快速识别
发表于: 2021-6-23 22:27 6704

[原创] 分享一个Jeb3的脚本——人脸识别SDK厂商快速识别

我是土匪 活跃值
4
2021-6-23 22:27
6704

好久没冒泡了,丢个脚本刷的存在感^_^

背景

前一段时间帮甲方爸爸搬砖:需要对几十款应用所使用的人脸识别SDK进行快速的识别然后干一些羞羞的事情。

实现

通过搜索引擎找到国内主流的人脸识别SDK厂商,提取特征(纯苦力),在扔进Jeb分析前请先脱壳。不说废话,直接上代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# -*- coding: utf-8 -*-
# FaceSdkDectect
# Code by:我是土匪
 
 
import re
from com.pnfsoftware.jeb.client.api import IScript, IGraphicalClientContext
from com.pnfsoftware.jeb.core import RuntimeProjectUtil
from com.pnfsoftware.jeb.core.actions import Actions, ActionContext, ActionCommentData, ActionXrefsData
from com.pnfsoftware.jeb.core.events import JebEvent, J
from com.pnfsoftware.jeb.core.output import AbstractUnitRepresentation, UnitRepresentationAdapter
from com.pnfsoftware.jeb.core.units.code import ICodeUnit, ICodeItem
from com.pnfsoftware.jeb.core.units.code.java import IJavaSourceUnit, IJavaStaticField, IJavaNewArray, IJavaConstant, IJavaCall, IJavaField, IJavaMethod, IJavaClass
 
face_sdk_classes={
    # 旷视科技
    u'旷视科技-33dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2W2k6%4k6A6K9g2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'com.megvii.facepp\S*',
    u'旷视科技-45eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2W2k6%4k6A6K9g2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'com.megvii.idcardquality\S*',
    u'旷视科技-10eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2W2k6%4k6A6K9g2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'com.megvii.kas\S*',
    u'旷视科技-aebK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2W2k6%4k6A6K9g2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'com.megvii.kassilentlive.sdk\S*',
    u'旷视科技-b6dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2W2k6%4k6A6K9g2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'megvii.openapi.access\S*',
 
    # 商汤科技
    u'商汤科技-104K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4y4W2L8Y4y4W2N6r3W2E0k6g2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'com.sensetime.senseid.sdk\S*',
 
    # 平安科技
    u'平安科技-tech.pingan.com': r'com.pingan.ai.face.entity\S*',
    u'平安科技-tech.pingan.com': r'com.pingan.ai.face.manager\S*',
 
    # 科大讯飞
    u'科大讯飞-070K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3W2X3L8s2W2@1k6h3E0Q4x3X3g2U0L8$3#2Q4x3U0M7`.: r'com.iflytek.cloud.FaceRequest\S*',
    u'科大讯飞-e62K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3W2X3L8s2W2@1k6h3E0Q4x3X3g2U0L8$3#2Q4x3U0M7`.: r'com.iflytek.cloud.FaceDetector\S*',
 
    # 海鑫科金
    u'海鑫科金-41aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3S2A6M7$3W2Y4L8W2)9J5k6h3y4G2L8g2)9J5k6h3y4F1i4K6t1%4: r'com.hisign.FaceSDK\S*',
    u'海鑫科金-be4K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3S2A6M7$3W2Y4L8W2)9J5k6h3y4G2L8g2)9J5k6h3y4F1i4K6t1%4: r'com.hisign.facedetectv1small\S*',
    u'海鑫科金-2d1K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3S2A6M7$3W2Y4L8W2)9J5k6h3y4G2L8g2)9J5k6h3y4F1i4K6t1%4: r'com.hisign.matching.UvcInputAPI\S*',
 
    # 爱莫科技   
    u'爱莫科技-008K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4A6L8h3q4D9L8q4)9J5k6s2c8W2j5$3S2Q4x3X3g2U0L8$3#2Q4x3U0M7`.: r'com.aimall.sdk.faceactiondetector\S*',
    u'爱莫科技-70bK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4A6L8h3q4D9L8q4)9J5k6s2c8W2j5$3S2Q4x3X3g2U0L8$3#2Q4x3U0M7`.: r'com.aimall.sdk.trackerdetector\S*',
    u'爱莫科技-335K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4A6L8h3q4D9L8q4)9J5k6s2c8W2j5$3S2Q4x3X3g2U0L8$3#2Q4x3U0M7`.: r'com.aimall.core\S*',
 
    # 百度
    u'百度AI-2bdK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4A6i4K6u0W2j5X3q4A6k6s2g2Q4x3X3g2U0L8$3#2Q4x3U0M7`.: r'com.baidu.idl.facesdk\S*',
 
    # (杭州小孔成像)
    u'杭州小孔成像-517K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3c8X3j5h3y4W2i4K6u0W2N6r3g2U0K9q4)9J5y4H3`.`.: r'com.dface.api.FaceDetect\S*',
    u'杭州小孔成像-b9cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3c8X3j5h3y4W2i4K6u0W2N6r3g2U0K9q4)9J5y4H3`.`.: r'com.dface.api.FaceCompare\S*',
    u'杭州小孔成像-6beK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3c8X3j5h3y4W2i4K6u0W2N6r3g2U0K9q4)9J5y4H3`.`.: r'com.dface.api.FaceTrack\S*',
    u'杭州小孔成像-83aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3c8X3j5h3y4W2i4K6u0W2N6r3g2U0K9q4)9J5y4H3`.`.: r'com.dface.dto.LicenseInfoType\S*',
 
 
    # Seetatech中科视拓
    u'中科视拓-6aeK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4y4W2k6i4c8S2N6r3g2U0K9q4)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'com.seeta.sdk\S*',
 
    # 云从科技
    u'广州云从科技-177K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4D9L8%4g2V1N6$3q4D9K9#2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'cn.cloudwalk.FaceInterface\S*',
    u'广州云从科技-c34K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4D9L8%4g2V1N6$3q4D9K9#2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'cn.cloudwalk.callback.FaceInfoCallback\S*',
    u'广州云从科技-4fdK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4D9L8%4g2V1N6$3q4D9K9#2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'cn.cloudwalk.sdk.FaceInfo\S*',
    u'广州云从科技-c51K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4D9L8%4g2V1N6$3q4D9K9#2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'cn.cloudwalk.sdk.realtime.FaceInfoCallback\S*',
    u'广州云从科技-b3aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4D9L8%4g2V1N6$3q4D9K9#2)9J5k6h3y4G2L8g2)9J5y4H3`.`.: r'cn.cloudwalk.libproject\S*',
 
 
    # 杭州虹软
    u'杭州虹软科技-a28K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4A6i4K6u0W2j5i4u0U0M7$3!0X3N6q4)9J5k6h3y4G2L8g2)9J5k6h3y4F1i4K6t1%4: r'com.arcsoft.facetracking\S*',
    u'杭州虹软科技-424K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4A6i4K6u0W2j5i4u0U0M7$3!0X3N6q4)9J5k6h3y4G2L8g2)9J5k6h3y4F1i4K6t1%4: r'com.arcsoft.facerecognition\S*',
 
    # FaceTec
    u'FaceTec-dev.facetec.com/': r'com.facetec.sdk.FaceTecSDK\S*',
    u'FaceTec-dev.facetec.com/': r'com.facetec.sdk.FaceTecSessionStatus\S*',
    u'FaceTec-dev.facetec.com/': r'com.facetec.sdk.FaceTecSDKStatus\S*',
 
 
    # 依图科技
    u'上海依图科技-9dcK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2&6K9i4c8#2N6r3g2U0K9q4)9J5k6h3y4G2L8g2)9J5c8W2)9J5y4H3`.`.: r'com.yitutech.face\S*',
 
 
 
}
found_sdk=[]
class FaceSdkDectect(IScript):
 
    def run(self, ctx):
        global face_sdk_classes
        global found_sdk
        engctx = ctx.getEnginesContext()
        if not engctx:
            print('Back-end engines not initialized')
            return
 
        projects = engctx.getProjects()
        if not projects:
            print('There is no opened project')
            return
 
        project = projects[0] # Get current project(IRuntimeProject)
        print('Decompiling code units of %s...' % project)
 
        codeUnit = RuntimeProjectUtil.findUnitsByType(project, ICodeUnit, False) # Get the current codeUnit(ICodeUnit)
 
        for unit in codeUnit:
            classes = unit.getClasses() # Get a reference to the Java class defined in this unit
 
            for cls in classes:
                # print(cls)
                for (key, value) in face_sdk_classes.items():
                    pattern =  re.compile(value, re.I)
                    x = pattern.search(str(cls))
                    if(x):
                        found_sdk.append(key)
        found_sdk = list(set(found_sdk))
        print("FaceSdkDectect ------------------------------------------------")
        for sdk in found_sdk:
            print(sdk.encode('utf-8', errors='ignore').decode('utf-8'))
        print("FaceSdkDectect ------------------------------------------------")

Github地址:欢迎提交PR


[培训]科锐软件逆向54期预科班、正式班开始火爆招生报名啦!!!

最后于 2021-6-23 22:33 被我是土匪编辑 ,原因:
收藏
免费 1
支持
分享
最新回复 (3)
LeadroyaL
雪    币: 4752
活跃值: (2922)
能力值: ( LV7,RANK:100 )
在线值:
发帖
回帖
粉丝
私信
2
额,有两句想说的,无恶意;

一是1202 年了咱用 jeb3 吧;
二是简单的功能还是别用 jeb 了,grep 一下可能效果更好;
2021-6-23 22:31
1
我是土匪
雪    币: 571
活跃值: (2408)
能力值: ( LV12,RANK:210 )
在线值:
发帖
回帖
粉丝
私信
3
LeadroyaL 额,有两句想说的,无恶意; 一是1202 年了咱用 jeb3 吧; 二是简单的功能还是别用 jeb 了,grep 一下可能效果更好;
哈哈,手残了,是jeb3的,jeb用习惯了
2021-6-23 22:33
1
淡定小胖子
雪    币: 1565
活跃值: (2417)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
感谢分享。
2021-6-24 11:04
1
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回