近日在360平台上架app,安全等级居然是0分,代码已经混淆了。看到有一项是防止二次打包,于是网上搜,有一篇文章:Android APP如何防止二次打包揭秘
不过最后没有和MD5值比较。下面是我结合网上的其他代码写的:
/**
* 校验应用签名
*
* @param context
*/
public static boolean checkSignInfo(Context context,String MD5) {
try {
PackageInfo packageInfo = context.getPackageManager()
.getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
Signature[] signs = packageInfo.signatures;
Signature sign = signs[0];
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(sign.toByteArray());
byte[] digest = md.digest();
String res = toHexString(digest);
if (MD5.equals(res)){
return true;
}
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return false;
}
/**
* 转成十六进制
* @param b
* @param buf
*/
private static void byte2hex(byte b, StringBuffer buf) {
char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7', '8','9',
'A', 'B','C', 'D', 'E', 'F'};
int high = ((b & 0xf0) >> 4);
int low = (b & 0x0f);
buf.append(hexChars[high]);
buf.append(hexChars[low]);
}
/**
* 格式化MD5值
* @param block
* @return
*/
private static String toHexString(byte[] block) {
StringBuffer buf = new StringBuffer();
int len = block.length;
for (int i = 0; i < len; i++) {
byte2hex(block[i], buf);
if (i < len - 1) {
buf.append(":");
}
}
return buf.toString();
}
结果还是0分,无奈用360的加固,评分100。。。。。。