
Android signing notes

2014-03-03 20:58

Android signing mechanism

jarsigner -verify -verbose my-app.apk

Basic usage:

unzip ../knox/other-app/my-app.apk

ls META-INF

META-INF/xxx.MF

Just a Base64-encoded SHA1 digest of every file in the APK. To reproduce the digest of one file:

sha1sum res/layout/public_simple_dropdown_item.xml | cut -d ' ' -f 1 | xxd -r -p | base64

META-INF/xxx.SF

A Base64-encoded SHA1 digest of each entry block in the MF. For the block on lines 4-6 of the MF:

sed -n 4,6p META-INF/xxx.MF | sha1sum | xxd -r -p | base64

META-INF/xxx.RSA

Includes the signer's certificate and an encrypted hash value of the SF file (the signature).

get certificate:

openssl pkcs7 -inform DER -in META-INF/xxx.RSA -noout -print_certs -text

check the signer certificate in SEAndroid mac_permissions.xml:

openssl x509 -inform DER -in <(grep -m 1 signer ../knox/config/mac_permissions.xml | cut -d '"' -f 2 | xxd -r -p) -noout -text
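The digest chain described above (file, then MF entry, then SF entry), checked in one pass. This is an added example, not code from the original post: it covers the MF and SF digests only, not the signature in the .RSA file. It assumes SHA1 digests and CRLF line endings, and `build_sample` with its file names and contents is constructed for illustration.

```python
import base64, hashlib, io, zipfile

def b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def sections(manifest: bytes) -> dict:
    """Map entry name -> (attributes, raw section bytes); main section under None. Assumes CRLF."""
    out = {}
    for raw in manifest.split(b"\r\n\r\n"):
        if raw:
            # unfold continuation lines ("\r\n ") before reading the attributes
            lines = raw.decode().replace("\r\n ", "").split("\r\n")
            attrs = dict(line.split(": ", 1) for line in lines)
            out[attrs.get("Name")] = (attrs, raw + b"\r\n\r\n")  # digest covers the blank line
    return out

def verify(apk: bytes, mf="META-INF/MANIFEST.MF", sf="META-INF/CERT.SF") -> list:
    """Return a list of problems; an empty list means files, MF and SF agree."""
    z = zipfile.ZipFile(io.BytesIO(apk))
    mf_raw, problems = z.read(mf), []
    mf_entries, sf_entries = sections(mf_raw), sections(z.read(sf))
    mf_entries.pop(None)                      # main section of the MF has no file digest
    sf_main = sf_entries.pop(None)[0]
    if sf_main.get("SHA1-Digest-Manifest") != b64sha1(mf_raw):
        problems.append("SF digest of whole MF mismatch")
    for name, (attrs, block) in mf_entries.items():
        if attrs["SHA1-Digest"] != b64sha1(z.read(name)):
            problems.append(f"MF digest mismatch: {name}")
        if name not in sf_entries or sf_entries[name][0]["SHA1-Digest"] != b64sha1(block):
            problems.append(f"SF digest mismatch: {name}")
    extra = set(z.namelist()) - set(mf_entries)
    problems += [f"file not in MF: {n}" for n in sorted(extra) if not n.startswith("META-INF/")]
    return problems

def build_sample(tamper: bool = False) -> bytes:
    """Constructed sample archive with MF and SF but no .RSA block."""
    files = {"res/layout/main.xml": b"<LinearLayout/>", "classes.dex": b"dex-placeholder"}
    mf = ("Manifest-Version: 1.0\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA1-Digest: {b64sha1(d)}\r\n\r\n" for n, d in files.items())).encode()
    sf = f"Signature-Version: 1.0\r\nSHA1-Digest-Manifest: {b64sha1(mf)}\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA1-Digest: {b64sha1(blk)}\r\n\r\n"
        for n, (_, blk) in sections(mf).items() if n)
    if tamper:
        files["classes.dex"] += b"patched"  # change a file after the digests were taken
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in {**files, "META-INF/MANIFEST.MF": mf, "META-INF/CERT.SF": sf}.items():
            z.writestr(n, d)
    return buf.getvalue()
```

`verify(build_sample(tamper=True))` reports the modified `classes.dex`; a file added to the archive without an MF entry is reported as well.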

deep analysis

??pkcs7, DER, relation of SF and RSA??

PKCS#7 - Cryptographic Message Syntax. PKCS is a group of public-key cryptography standards devised and published by RSA Security Inc., starting in the early 1990s.

PKCS#7 is defined in RFC 2315.

DER - one of the ASN.1 encoding rules (BER/CER/DER).

Conquer! Dump it!

openssl asn1parse -inform DER -in META-INF/xxx.RSA -i

Conquer!! verify it! Relation of RSA and SF

# get encrypted hash (skip=844 is the offset in this particular file; read it from the asn1parse dump above)

dd if=META-INF/xxx.RSA of=enc.bin skip=844 bs=1

# get certificate

openssl pkcs7 -inform DER -in META-INF/xxx.RSA -print_certs -out VENDOR.certs

# get public key

openssl x509 -pubkey -in VENDOR.certs -noout >VENDOR.pub

# use public key to verify encrypted text

openssl rsautl -verify -inkey VENDOR.pub -pubin -in enc.bin >dec.bin

# dump decrypted

openssl asn1parse -inform DER -in dec.bin -i

# verify: the digest of the SF should match the value dumped from dec.bin

md5sum META-INF/VENDOR.SF

Conquer!!! Signature in certificate

dd if=META-INF/VENDOR.RSA of=./VENDOR.certs.body2 skip=63 bs=1 count=433

dd if=META-INF/VENDOR.RSA of=./VENDOR.certs.sign2 bs=1 skip=516 count=256

--- or ----

tail -n +4 VENDOR.certs | head -n -2 > VENDOR.certs.pure

openssl asn1parse -inform PEM -in VENDOR.certs.pure -strparse 4 -out VENDOR.certs.body -noout

openssl asn1parse -in ./VENDOR.certs.pure -strparse 452 -out VENDOR.certs.sign -noout

------------

openssl dgst -sha256 -verify ./VENDOR.pub -signature ./VENDOR.certs.sign ./VENDOR.certs.body

------------

aosp/build/target/product/security/{platform,media,shared,testkey}.{pk8,x509.pem}

# convert pkcs8 format binary key to PEM

$ openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out platform.pem

# create pkcs12 file that includes both the private key and certificate

$ openssl pkcs12 -export -in platform.x509.pem -inkey platform.pem -out platform.p12 -password pass:android -name platform

# since Java's keytool can read pkcs12 files as keystore, it can convert pkcs12 file to native format (BKS or JKS)

$ keytool -importkeystore -deststorepass android -destkeystore test.keystore -srckeystore platform.p12 -srcstoretype PKCS12 -srcstorepass android

# bonus: use keytool to list the contents

$ keytool -list -v -keystore test.keystore