应用安全
隐藏自己
通过反射进行查验是否已经被突破,反射的方法名等参数可以使用加密字符串,可以参考 https://github.com/MichaelRocks/paranoid 并使用 Gradle Plugin 进行动态设置。
获取签名信息
从 Android 9.0 开始 packageInfo.signatures 被废弃,推荐使用 packageInfo.signingInfo 内的签名信息。
public class SignCheckUtil {
private Context context;
private String cer = null;
private String type = "SHA1";
private String sha1RealCer = "签名SHA1值";
private String md5RealCer = "签名MD5";
private static final String TAG = "sign";
public SignCheckUtil(Context context,String type) {
this.context = context;
this.type = type;
}
/**
* 获取应用的签名
*
* @return
*/
public String getCertificateSHA1Fingerprint() {
String hexString = "";
//获取包管理器
PackageManager pm = context.getPackageManager();
//获取当前要获取 SHA1 值的包名,也可以用其他的包名,但需要注意,
//在用其他包名的前提是,此方法传递的参数 Context 应该是对应包的上下文。
String packageName = context.getPackageName();
//签名信息
Signature[] signatures = null;
try {
if (Build.VERSION.SDK_INT > Build.VERSION_CODES.P) {
PackageInfo packageInfo = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNING_CERTIFICATES);
SigningInfo signingInfo = packageInfo.signingInfo;
signatures = signingInfo.getApkContentsSigners();
} else {
//获得包的所有内容信息类
PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
signatures = packageInfo.signatures;
}
// Signature[] signatures = packageInfo.signatures;
byte[] cert = signatures[0].toByteArray();
//将签名转换为字节数组流
InputStream input = new ByteArrayInputStream(cert);
//证书工厂类,这个类实现了出厂合格证算法的功能
CertificateFactory cf = CertificateFactory.getInstance("X509");
//X509 证书,X.509 是一种非常通用的证书格式
X509Certificate c = null;
c = (X509Certificate) cf.generateCertificate(input);
//加密算法的类,这里的参数可以使 MD4,MD5 等加密算法
MessageDigest md = MessageDigest.getInstance(type);
//获得公钥
byte[] publicKey = md.digest(c.getEncoded());
//字节到十六进制的格式转换
hexString = byte2HexFormatted(publicKey);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
} catch (CertificateEncodingException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
return hexString.trim();
}
//这里是将获取到得编码进行16 进制转换
private String byte2HexFormatted(byte[] arr) {
StringBuilder str = new StringBuilder(arr.length * 2);
for (int i = 0; i < arr.length; i++) {
String h = Integer.toHexString(arr[i]);
int l = h.length();
if (l == 1)
h = "0" + h;
if (l > 2)
h = h.substring(l - 2, l);
str.append(h.toUpperCase());
if (i < (arr.length - 1))
str.append(':');
}
return str.toString();
}
/**
* 检测签名是否正确
*
* @return true 签名正常 false 签名不正常
*/
public boolean check() {
if (this.sha1RealCer != null || md5RealCer!= null) {
cer = getCertificateSHA1Fingerprint();
// Log.d(TAG, "check: " + cer);
if ((TextUtils.equals(type,"SHA1") && this.cer.equals(this.sha1RealCer)) || (TextUtils.equals(type,"MD5") && this.cer.equals(this.md5RealCer))) {
return true;
}
}
return false;
}
}