如何防止二次打包
2017-09-14 15:43
393 查看
思路:比较打包证书的hashcode 或者 md5 值,如果二次打包了,那么这个值应该就不一致了。
public class SecondPackage{
private final static String TAG = "SecondPackage"
public SecondPackage(Context context){
// TODO Auto-generated constructor stub
this.context = context;
}
private Context context;
/************protect second package*******************/
private void byte2hex(byte b, StringBuffer buf) {
char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F' };
int high = ((b & 0xf0) >> 4);
int low = (b & 0x0f);
buf.append(hexChars[high]);
buf.append(hexChars[low]);
}
/*
* Converts a byte array to hex string
*/
private String toHexString(byte[] block) {
StringBuffer buf = new StringBuffer();
int len = block.length;
for (int i = 0; i < len; i++) {
byte2hex(block[i], buf);
if (i < len-1) {
buf.append(":");
}
}
return buf.toString();
}
public boolean getSignInfo() {
boolean checkright = false;
try {
PackageInfo packageInfo = context.getApplicationContext().getPackageManager().getPackageInfo(
"com.xxx.xxx", PackageManager.GET_SIGNATURES);
Signature[] signs = packageInfo.signatures;
Signature sign = signs[0];
int code = sign.hashCode();
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(sign.toByteArray());
byte[] digest = md.digest();
String res = toHexString(digest);
Log.e(TAG, "apk md5:"+res);
//if (code == xxxxxxxxx) {
Log.i(TAG, "hashCode:" + code);
//对比MD5值和hashcode是否和自己原来的MD5相同
if(res.equals("xxxxxxxxxx")
&& code == yyyyyyyyyy){
checkright = true;
}
//parseSignature(sign.toByteArray());
} catch (Exception e) {
e.printStackTrace();
}
return checkright;
}
void parseSignature(byte[] signature) {
try {
CertificateFactory certFactory = CertificateFactory
.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory
.generateCertificate(new ByteArrayInputStream(signature));
byte[] buffer = cert.getEncoded();
System.out.println( "md5: "+ new String(buffer));
} catch (CertificateException e) {
e.printStackTrace();
}
}
/***********************************/
}
调用的时候
SecondPackage sePa= new SecondPackage(this);
if(!sePa.getSignInfo()){
finish();
}
public class SecondPackage{
private final static String TAG = "SecondPackage"
public SecondPackage(Context context){
// TODO Auto-generated constructor stub
this.context = context;
}
private Context context;
/************protect second package*******************/
private void byte2hex(byte b, StringBuffer buf) {
char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F' };
int high = ((b & 0xf0) >> 4);
int low = (b & 0x0f);
buf.append(hexChars[high]);
buf.append(hexChars[low]);
}
/*
* Converts a byte array to hex string
*/
private String toHexString(byte[] block) {
StringBuffer buf = new StringBuffer();
int len = block.length;
for (int i = 0; i < len; i++) {
byte2hex(block[i], buf);
if (i < len-1) {
buf.append(":");
}
}
return buf.toString();
}
public boolean getSignInfo() {
boolean checkright = false;
try {
PackageInfo packageInfo = context.getApplicationContext().getPackageManager().getPackageInfo(
"com.xxx.xxx", PackageManager.GET_SIGNATURES);
Signature[] signs = packageInfo.signatures;
Signature sign = signs[0];
int code = sign.hashCode();
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(sign.toByteArray());
byte[] digest = md.digest();
String res = toHexString(digest);
Log.e(TAG, "apk md5:"+res);
//if (code == xxxxxxxxx) {
Log.i(TAG, "hashCode:" + code);
//对比MD5值和hashcode是否和自己原来的MD5相同
if(res.equals("xxxxxxxxxx")
&& code == yyyyyyyyyy){
checkright = true;
}
//parseSignature(sign.toByteArray());
} catch (Exception e) {
e.printStackTrace();
}
return checkright;
}
void parseSignature(byte[] signature) {
try {
CertificateFactory certFactory = CertificateFactory
.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory
.generateCertificate(new ByteArrayInputStream(signature));
byte[] buffer = cert.getEncoded();
System.out.println( "md5: "+ new String(buffer));
} catch (CertificateException e) {
e.printStackTrace();
}
}
/***********************************/
}
调用的时候
SecondPackage sePa= new SecondPackage(this);
if(!sePa.getSignInfo()){
finish();
}
相关文章推荐
- 如何防止APP被二次打包
- Android APP如何防止二次打包------对比签名
- Android APP如何防止二次打包
- Android APP如何防止二次打包
- 如何防止 Android 应用被二次打包?(转自知乎)
- 【分享】Android APP如何防止二次打包
- APP如何防止二次打包
- Android APP如何防止二次打包
- Unity中针对Android Apk的签名验证(C#实现),防止二次打包
- NDK进阶 应用签名校验 防止so库被二次打包
- C++如何防止头文件被二次编译
- Android通过签名验证防止二次打包
- Android防止APK被反编译和二次打包
- Unity中针对Android Apk的签名验证(C#实现),防止二次打包
- 如何防止app二次打包
- Android 判断签名MD5——防止二次打包
- Android 应用防止被二次打包指南
- 获取应用程序的签名,防止二次打包
- Android 应用防止被二次打包指南
- Android 应用程序反逆向、反篡改、防止二次打包以及目前各大主流安全平台加固方案对比相关博客汇总