1.先校验包是否是你的包,也就是签名是否是你的,如果不是verify 就是一直为0 ,verify不为1的时候调用这个so库是不执行的。
//获取包名
jclass j_clz_context = env->GetObjectClass(context);
jmethodID j_mid_packege = env->GetMethodID(j_clz_context,"getPackageName","()Ljava/lang/String;");
jstring j_packege_name = (jstring)env->CallObjectMethod(context,j_mid_packege);
const char * c_packege_name = env->GetStringUTFChars(j_packege_name,NULL);
LOGD("%s",c_packege_name);
//对比包名是否一样
if(strcmp(c_packege_name,ndk_packege_name) != 0){
LOGD("%s","packegename isn't ture");
return;
}
//获取签名
//1.获取PackageManager
jmethodID j_mid_PackageManager = env->GetMethodID(j_clz_context,"getPackageManager","()Landroid/content/pm/PackageManager;");
jobject j_PackageManager = env->CallObjectMethod(context,j_mid_PackageManager);
//2.获取PackageInfo
jclass j_cla_PackageManager = env->GetObjectClass(j_PackageManager);
jmethodID j_mid_PackageInfo = env->GetMethodID(j_cla_PackageManager,"getPackageInfo","(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;");
jobject j_PackageInfo = env->CallObjectMethod(j_PackageManager,j_mid_PackageInfo,j_packege_name,0x00000040);
//3.获取数组
jclass j_clz_PackageInfo = env->GetObjectClass(j_PackageInfo);
jfieldID j_fid_signature = env->GetFieldID(j_clz_PackageInfo,"signatures","[Landroid/content/pm/Signature;");
jobjectArray j_signatures = (jobjectArray) env->GetObjectField(j_PackageInfo,j_fid_signature);
//4.取数组第0个值
jobject signature_first = env->GetObjectArrayElement(j_signatures,0);
jclass j_clz_signature_first = env->GetObjectClass(signature_first);
jmethodID j_mid_ = env->GetMethodID(j_clz_signature_first,"toCharsString","()Ljava/lang/String;");
jstring j_signature = (jstring) env->CallObjectMethod(signature_first,j_mid_);
const char * c_signature = env->GetStringUTFChars(j_signature,NULL);
//LOGD("sign:%s,wjj",c_signature);
//比对签名是否一样
int i = strcmp(c_signature,ndk_signature);
if( i != 0){
LOGD("sign:%s,%d","比对失败",i);
return;
}
LOGD("sign:%s","比对成功");
env->DeleteLocalRef(j_clz_context);
env->DeleteLocalRef(j_PackageManager);
env->DeleteLocalRef(j_cla_PackageManager);
env->DeleteLocalRef(j_PackageInfo);
env->DeleteLocalRef(j_signatures);
env->DeleteLocalRef(signature_first);
env->DeleteLocalRef(j_clz_signature_first);
env->DeleteLocalRef(j_signature);
env->ReleaseStringUTFChars(j_signature,0);
env->ReleaseStringUTFChars(j_packege_name,0);
verify = 1;
2.加密函数,把你要传入的json 传入到c++层,并加盐值(与服务器规定好盐值,如当前时间,包名等等)后MD5返回给java层
3.java层就能把明文的数据和c层加密后的MD5一同发给服务器校验,如果一致,认同是本app发送的数据,可以通信。
4.把编译好的so动态库进行加壳处理,增加逆向成本