|
|
|
@ -15,36 +15,22 @@ import android.util.Log; |
|
|
|
|
|
|
|
public class SignatureCheck { |
|
|
|
|
|
|
|
//we store the hash of the signture for a little more protection |
|
|
|
private static final String APP_SIGNATURE = "A4BB8351A51F950F74CF6B42A6C5C90971C2B36A"; |
|
|
|
|
|
|
|
/** |
|
|
|
* Query the signature for this application to detect whether it matches the |
|
|
|
* signature of the real developer. If it doesn't the app must have been |
|
|
|
* resigned, which indicates it may been tampered with. |
|
|
|
* |
|
|
|
* @param context |
|
|
|
* @return true if the app's signature matches the expected signature. |
|
|
|
* @throws NameNotFoundException |
|
|
|
*/ |
|
|
|
|
|
|
|
public boolean validateAppSignature(Context context) throws Exception { |
|
|
|
|
|
|
|
PackageInfo packageInfo = context.getPackageManager().getPackageInfo( |
|
|
|
context.getPackageName(), PackageManager.GET_SIGNATURES); |
|
|
|
//note sample just checks the first signature |
|
|
|
for (Signature signature : packageInfo.signatures) { |
|
|
|
// SHA1 the signature |
|
|
|
|
|
|
|
String sha1 = getSHA1(signature.toByteArray()); |
|
|
|
// check is matches hardcoded value |
|
|
|
Log.d("SignatureHash","Sha: "+sha1); |
|
|
|
return APP_SIGNATURE.equals(sha1); |
|
|
|
} |
|
|
|
|
|
|
|
return false; |
|
|
|
} |
|
|
|
|
|
|
|
//computed the sha1 hash of the signature |
|
|
|
public static String getSHA1(byte[] sig) throws NoSuchProviderException, NoSuchAlgorithmException { |
|
|
|
MessageDigest digest = MessageDigest.getInstance("SHA1"); |
|
|
|
digest.update(sig); |
|
|
|
@ -66,9 +52,5 @@ public class SignatureCheck { |
|
|
|
return new String(hexChars); |
|
|
|
} |
|
|
|
|
|
|
|
public boolean validateAppSignatureByPass(Context context) |
|
|
|
{ |
|
|
|
return true; |
|
|
|
} |
|
|
|
|
|
|
|
} |
preyearegmi
6 years ago