[DETECTION] Unknown libsgmain.so

[enovella]

Provide the file id.dana com.globe.gcash.android

APKiD current results... Please provide current output from APKiD on this file. Include the APKiD header which provides the version, e.g. -

[*] ./split_config.arm64_v8a.apk!lib/arm64-v8a/libsgmain.so!lib/arm64-v8a/libsgmainso-5.4.193.so
 |-> anti_hook : syscalls

Additional context

• https://blog.csdn.net/qq_34848238/article/details/88747153?spm=1001.2101.3001.4242.1&utm_relevant_index=3
• https://habr.com/en/companies/drweb/articles/452076/
• https://blog.csdn.net/feibabeibei_beibei/article/details/87364709
• https://github.com/strazzere/android-unpacker/blob/master/native-unpacker/definitions.h#L34 // cc @strazzere do you know this library name?

[ghost]

Looks like it's from Alibaba cloud

Another sample, UC browser: https://apkcombo.com/uc-browser/com.UCMobile.intl/

Smali file `smali\com\alibaba\wireless\security\framework\d.smali` contains following strings

libsgmain
libsgsecuritybody
libsgmiddletier

Since libsmain.so is an APK file, you can decompile it or load in jadx

com.globe.gcash.android and id.dana

lib/xxx/libsgmain.so!lib/xxx/libsgmainso-XXXX.so (as mentioned above)

com/alibaba/wireless/security/open/SecException
alibaba/wireless/security/framework/SGPluginExtras
us-ummt.alibaba.com
com/alibaba/wireless/security/open/litevm/LiteVMParameterWrapper

Reference:

• https://www.alibabacloud.com/help/en/mobile-platform-as-a-service/latest/access-android-faq
• https://github.com/ylcangel/crack_libsgmain

[ghost]

LibChecker has a rule for it. "阿里聚安全" translates to "Alibaba Security": https://github.com/LibChecker/LibChecker-Rules/blob/master/native-libs/libsgmain.so.json

[enovella]

Okay, thanks for the info! I will try to find time to create a rule for it.