验证APP的签名(防篡改)
Android 安全的基石之一是所有的 APP 都必须经过数字签名。
准备工作
keytool -genkey -v -keystore myapp.keystore -alias Myapp -keyalg RSA -keysize 2048 -validity 10000
查看 keystore 中证书的 MD5 及 SHA1 指纹(keytool 输出的指纹以冒号分隔,填入下面代码的 CERTIFICATE_SHA1 时需去掉冒号)
keytool -list -v -keystore myapp.keystore
代码添加
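/**
 * Pinned SHA-1 fingerprint (hex, no colon separators) of the expected signing certificate.
 * Declared {@code final} so the pin cannot be reassigned by other code in the class.
 */
private static final String CERTIFICATE_SHA1 = "E17F3EBA28E3B637EF422712352402AC86B5DCD8";

/**
 * Checks whether the running app is signed by exactly the pinned certificate.
 *
 * <p>The check fails closed: a lookup or hashing error, a missing signature array, or a
 * signer count other than one all yield {@code false}.
 *
 * <p>NOTE(review): this check runs inside the package it is verifying, so a repackaged
 * build can patch it out or replace the pinned constant. Treat the result as one
 * tamper-evidence signal and back sensitive operations with a server-side check.
 *
 * @param context used to obtain the {@code PackageManager} and this app's package name
 * @return {@code true} only when the single signing certificate hashes to
 *     {@link #CERTIFICATE_SHA1} (compared case-insensitively)
 */
public static boolean validateAppSignature(Context context) {
    try {
        // GET_SIGNATURES is deprecated from API 28; on those releases
        // GET_SIGNING_CERTIFICATES with PackageInfo.signingInfo is the replacement.
        PackageInfo packageInfo = context.getPackageManager()
                .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
        Signature[] appSignatures = packageInfo.signatures;

        // The original loop returned on its first iteration, so any additional signer was
        // silently ignored. Require exactly one signer so an unexpected extra certificate
        // causes a rejection instead of going unnoticed.
        if (appSignatures == null || appSignatures.length != 1) {
            return false;
        }

        String currentSignature = calcSHA1(appSignatures[0].toByteArray());
        // The fingerprint is public data, so a plain string comparison is sufficient here.
        return CERTIFICATE_SHA1.equalsIgnoreCase(currentSignature);
    } catch (Exception e) {
        // Deliberately broad: any failure while verifying must be treated as "not valid".
        e.printStackTrace();
    }
    return false;
}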
/**
 * Hashes the given certificate bytes with SHA-1 and returns the digest in hex form
 * (as produced by {@code byteToHex}).
 *
 * <p>NOTE(review): SHA-1 is no longer collision resistant. Pinning a SHA-256 fingerprint
 * would be the stronger choice; doing so means changing the pinned constant together
 * with the algorithm name used here.
 *
 * @param signatureBytes raw bytes of the signing certificate
 * @return hex encoding of the SHA-1 digest
 * @throws NoSuchAlgorithmException if the platform offers no "SHA1" digest
 */
private static String calcSHA1(byte[] signatureBytes) throws NoSuchAlgorithmException {
    // One-shot digest: the whole array is hashed in a single call, no update() needed.
    final byte[] digest = MessageDigest.getInstance("SHA1").digest(signatureBytes);
    return byteToHex(digest);
}
/**
 * Encodes a byte array as upper-case hexadecimal, two characters per byte.
 *
 * @param bytes the bytes to encode
 * @return the hex string, empty when {@code bytes} is empty
 */
private static String byteToHex(byte[] bytes) {
    final String digits = "0123456789ABCDEF";
    StringBuilder hex = new StringBuilder(bytes.length * 2);
    for (byte b : bytes) {
        // Mask to 0..255 so negative bytes do not sign-extend into the index.
        int unsigned = b & 0xFF;
        hex.append(digits.charAt(unsigned >>> 4));
        hex.append(digits.charAt(unsigned & 0x0F));
    }
    return hex.toString();
}
然后在代码的不同地方调用此方法即可(多处验证)。注意:这类本地校验可以被重新打包者直接删除或修改,因此只能提高篡改成本,关键业务仍应配合服务端校验。
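// Tamper check: stop the activity when the signing certificate is not the pinned one.
boolean isvali = Utils.validateAppSignature(this);
if (!isvali) {
    // Both buttons do the same thing, so they share one listener that closes the activity.
    DialogInterface.OnClickListener closeActivity = new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialog, int which) {
            finish();
        }
    };
    AlertDialog dialog = new AlertDialog.Builder(this)
            .setMessage(R.string.signature_fail)
            // A cancelable dialog can be dismissed with Back or an outside tap, which
            // triggers neither button and would leave the activity running after a
            // failed check.
            .setCancelable(false)
            .setPositiveButton(android.R.string.ok, closeActivity)
            .setNegativeButton(android.R.string.cancel, closeActivity)
            .create();
    dialog.show();
}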