网站首页 > 技术文章 正文
往期文章
安卓逆向 -- NDK开发实现MD5算法
安卓逆向 -- 调用其他APK的SO文件
源码获取方式:公众号回复20211024
0、前言
上节课我们演示了,如何调用别人的SO文件,从而达到某些效果,这节课我们给SO层加上验证,如果其他apk调用就会报错
1、java层声明校验签名函数
public static native void signatureversify(Context ctx);2、java层获取包名
PackageInfo packageInfo=null;
try {
packageInfo = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
Signature[] signatures = packageInfo.signatures;
Log.d("aiyou",signatures[0].toCharsString());
运行结果:
308202e4308201cc020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b30090603550406130255533020170d3230313031393030333633315a180f32303530313031323030333633315a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330820122300d06092a864886f70d01010105000382010f003082010a0282010100d6e4f2c430ce9ae14f70845f709f8ce07e0cbd1a87f747ebc6e9b8530ebcd3eb71dc86f21e72975c9e2a8836c2c7f7c8714625a0f06f6e4988c99184a6c1d04a23bdb31dd634f410fd9c8cc912816bfac6cb077c07190965e9667b4be942723fe1d5aa3ce589218ecca5830e22e45785532aac801244d2675da8d8bf66ef88fa02140bd73b49264b5b026c8a98bd19daa06e616d32da093b4cffb679327d58c95dc296417015a7d63f0854b6c4645bc8427dd0c9c9a4fb786ec20102c7b0bea91f27d613baf628277da85d2f00a0a0b1a5f76affad01c54d1d225b12f7806ab2554f9a369f0910f116f5662c87066886209c7568e4a02b6153ac7bf5db5ebc010203010001300d06092a864886f70d01010505000382010100cc32524989096d80392a276933ec4952ec6a569ef14039bcd71d7687d9b5d3acfcbb0715e1cddf149e6e3f6cfb5d8f74ab6cc6724ec9cfc0ff0696ed4aac8661550bf5710a3a30bfe2d42ecb513aadd3232c1e4c098c6b8ff2c706cc05f58011709bbfea7a9099adc3a930c6b3848620e164dca12e25cd75cf8a4aa4dcb9de0672fd8ba3a991af67a05792fa760454bdbca0a9cfe4afaddfb4d48f9f66bd722c6cca9b6844c529ff036791c856ae2b4d5b505a393e6267d764bd1e11f5387bfce08175d46dfb0ff9518fc5ea6437e987337e21c1a528c9b925e4503ef42877791f443afc4780d30e90f66f5eb1d0619cd6caf40b0197721a53ff8efb3ed8ac2d3、C层实现校验
static int is_veify=0;
static char* pname="com.bucuo.ndk20211010";
static char* sign="308202e4308201cc020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b30090603550406130255533020170d3230313031393030333633315a180f32303530313031323030333633315a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330820122300d06092a864886f70d01010105000382010f003082010a0282010100d6e4f2c430ce9ae14f70845f709f8ce07e0cbd1a87f747ebc6e9b8530ebcd3eb71dc86f21e72975c9e2a8836c2c7f7c8714625a0f06f6e4988c99184a6c1d04a23bdb31dd634f410fd9c8cc912816bfac6cb077c07190965e9667b4be942723fe1d5aa3ce589218ecca5830e22e45785532aac801244d2675da8d8bf66ef88fa02140bd73b49264b5b026c8a98bd19daa06e616d32da093b4cffb679327d58c95dc296417015a7d63f0854b6c4645bc8427dd0c9c9a4fb786ec20102c7b0bea91f27d613baf628277da85d2f00a0a0b1a5f76affad01c54d1d225b12f7806ab2554f9a369f0910f116f5662c87066886209c7568e4a02b6153ac7bf5db5ebc010203010001300d06092a864886f70d01010505000382010100cc32524989096d80392a276933ec4952ec6a569ef14039bcd71d7687d9b5d3acfcbb0715e1cddf149e6e3f6cfb5d8f74ab6cc6724ec9cfc0ff0696ed4aac8661550bf5710a3a30bfe2d42ecb513aadd3232c1e4c098c6b8ff2c706cc05f58011709bbfea7a9099adc3a930c6b3848620e164dca12e25cd75cf8a4aa4dcb9de0672fd8ba3a991af67a05792fa760454bdbca0a9cfe4afaddfb4d48f9f66bd722c6cca9b6844c529ff036791c856ae2b4d5b505a393e6267d764bd1e11f5387bfce08175d46dfb0ff9518fc5ea6437e987337e21c1a528c9b925e4503ef42877791f443afc4780d30e90f66f5eb1d0619cd6caf40b0197721a53ff8efb3ed8ac2d";
/*获取签名值
* PackageInfo packageInfo=null;
packageInfo = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
Signature[] signatures = packageInfo.signatures;
* */
//获取包名
jclass jclazz=env->GetObjectClass(ctx);
jmethodID methodid=env->GetMethodID(jclazz,"getPackageName", "()Ljava/lang/String;");
jstring jpname= static_cast<jstring>(env->CallObjectMethod(ctx, methodid));
//对比包名是否一样
const char *cpname=env->GetStringUTFChars(jpname,NULL);
if (strcmp(cpname,pname)!=0)
return;
__android_log_print(ANDROID_LOG_ERROR,"aiyou","包名一致:%s",cpname);
//获取签名
methodid=env->GetMethodID(jclazz,"getPackageManager", "()Landroid/content/pm/PackageManager;");
jobject pmanager=env->CallObjectMethod(ctx,methodid);
jclazz=env->GetObjectClass(pmanager);
methodid=env->GetMethodID(jclazz,"getPackageInfo", "(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;");
jobject packinfoobj=env->CallObjectMethod(pmanager,methodid,jpname,64);
jclazz=env->GetObjectClass(packinfoobj);
jfieldID signfid=env->GetFieldID(jclazz,"signatures", "[Landroid/content/pm/Signature;");
jobjectArray signarray= static_cast<jobjectArray>(env->GetObjectField(packinfoobj, signfid));
jobject sign0=env->GetObjectArrayElement(signarray,0);//signatures[0]
jclazz=env->GetObjectClass(sign0);
methodid=env->GetMethodID(jclazz,"toCharsString", "()Ljava/lang/String;");
jstring jsignstr= static_cast<jstring>(env->CallObjectMethod(sign0, methodid));
const char* csignstr=env->GetStringUTFChars(jsignstr,NULL);
if(strcmp(csignstr,sign)!=0){
return;
}
is_veify=1;禁止非法,后果自负
欢迎关注公众号:逆向有你
欢迎关注视频号:之乎者也吧
猜你喜欢
- 2024-10-02 鲁大师发的新版本,分数真的变准了?
- 2024-10-02 互联网技术|安卓应用测试速查表 android 测试网站
- 2024-10-02 一个人竟然撸了一个滴滴 App 一个人坐滴滴安全吗
- 2024-10-02 Android Apk 文件反编译和重新打包的过程分析
- 2024-10-02 安卓逆向ADB工具的使用 android逆向是什么意思
- 2024-10-02 APP备案常见问题2 app备案需要多久
- 2024-10-02 挖穿Android第四十七天 红岩中挖穿地道助狱友逃生的是谁
- 2024-10-02 鲁大师安卓9.0全新版本上线,从“精”定义手机跑分!
- 2024-10-02 微信安卓版8.0.35开发者内容发布 安卓微信发布 8.0 正式版,加入多个新功能!
- 2024-10-02 微信安卓8.0.34最新官方正式版下载发布
欢迎 你 发表评论:
- 最近发表
- 标签列表
-
- oraclesql优化 (66)
- 类的加载机制 (75)
- feignclient (62)
- 一致性hash算法 (71)
- dockfile (66)
- 锁机制 (57)
- javaresponse (60)
- 查看hive版本 (59)
- phpworkerman (57)
- spark算子 (58)
- vue双向绑定的原理 (68)
- springbootget请求 (58)
- docker网络三种模式 (67)
- spring控制反转 (71)
- data:image/jpeg (69)
- base64 (69)
- java分页 (64)
- kibanadocker (60)
- qabstracttablemodel (62)
- java生成pdf文件 (69)
- deletelater (62)
- com.aspose.words (58)
- android.mk (62)
- qopengl (73)
- epoch_millis (61)
本文暂时没有评论,来添加一个吧(●'◡'●)