gpt4 book ai didi

android - 检查 C/ native 代码中的 .apk 签名

转载 作者:塔克拉玛干 更新时间:2023-11-02 20:51:24 26 4
gpt4 key购买 nike

我开发了一个 Android 应用程序,其中还包含一个用 C 编写的 native 部分(不依赖于应用程序)。

如果共享库不工作,应用程序本身就毫无用处。

我想让 native 部分(一个共享库)只做它的工作,如果存在一个未修改的应用程序版本(.apk),它已经交付。

对我来说最好的方法是这样的:

  1. 安装应用
  2. 共享库检查应用程序/.apk 的签名/哈希
  3. 仅当签名与已知签名匹配时才工作

通过这种方式,我想保护我的应用程序免受修改和盗版。

这样做有什么技巧吗?我刚刚找到了在 Java 中检查自己的签名的帖子,但如果可以反编译应用程序,那就不是开玩笑了。

最佳答案

由于我被要求发布一些代码,我现在如何从 C 中检查我的 Java 应用程序的 CRC 代码,这里有一些 fragment 。

由于性能原因,我无法发布完整的工作解决方案,因为它分布在多行中,但我希望这是最完整和最有效的:

在您的 MyApplication.java 中:

public class MyApplication extends Application {
private static Context context;

public static Context getAppContext() {
return MyApplication.context;
}

@Override
public void onCreate() {
super.onCreate();
MyApplication.context = getApplicationContext();
}
}

Android.mk:

LOCAL_CFLAGS += -O3 -DDEBUG_MODE=0 -DCLASSES_CRC=2331492378

在您的 C 代码中:

#define LOG_TAG "Your Log Tag"

#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)

#if DEBUG_MODE
#define LOGDH(...) LOGD(__VA_ARGS__)
#define LOGIH(...) LOGI(__VA_ARGS__)
#define LOGEH(...) LOGE(__VA_ARGS__)
#else
#define LOGDH(...) //
#define LOGIH(...) //
#define LOGEH(...) //
#endif

int isSecure = -1;

jclass MyApplication;
jclass Context;
jclass ApplicationInfo;


jclass ZipFile;
jclass ZipEntry;
jclass CheckedInputStream;
jclass Adler32;
jclass Checksum;

jmethodID MyApplication_getAppContextMethodId;
jmethodID Context_getApplicationInfoMethodId;

jmethodID ZipFile_ConstructorMethodId;
jmethodID CheckedInputStream_ConstructorMethodId;
jmethodID Adler32_ConstructorMethodId;

jmethodID ZipFile_getEntryMethodId;
jmethodID ZipFile_getInputStreamMethodId;
jmethodID CheckedInputStream_readMethodId;
jmethodID CheckedInputStream_getChecksumMethodId;
jmethodID Checksum_getValueMethodId;

jfieldID ApplicationInfo_flagsFieldId;
jfieldID ApplicationInfo_FLAG_DEBUGGABLEFieldId;
jfieldID ApplicationInfo_sourceDirFieldId;


static long getClassesCRC(JNIEnv *env) {
jobject appContextInstance = (*env)->CallStaticObjectMethod(env,
MyApplication, MyApplication_getAppContextMethodId);
if (!appContextInstance) {
LOGEH("Unable to get instance of AppContext");
return false;
}

jobject applicationInfoInstance = (*env)->CallObjectMethod(env,
appContextInstance, Context_getApplicationInfoMethodId);
if (!appContextInstance) {
LOGEH("Unable to get instance of ApplicationInfo");
return false;
}

jobject zipFileInstance = (*env)->NewObject(env, ZipFile,
ZipFile_ConstructorMethodId,
(*env)->GetObjectField(env, applicationInfoInstance,
ApplicationInfo_sourceDirFieldId));
if (!zipFileInstance) {
LOGEH("Unable to get instance of ZipFile");
return -1;
}

jstring classesDexString = (*env)->NewStringUTF(env, "classes.dex");
jobject zipEntryInstance = (*env)->CallObjectMethod(env, zipFileInstance,
ZipFile_getEntryMethodId, classesDexString);
if (!zipFileInstance) {
LOGEH("Unable to get instance of ZipEntry");
return -1;
}
(*env)->DeleteLocalRef(env, classesDexString);

jobject adler32Instance = (*env)->NewObject(env, Adler32,
Adler32_ConstructorMethodId);
if (!adler32Instance) {
LOGEH("Unable to get instance of Adler32");
return -1;
}

jobject inputStreamInstance = (*env)->CallObjectMethod(env, zipFileInstance,
ZipFile_getInputStreamMethodId, zipEntryInstance);
if (!inputStreamInstance) {
LOGEH("Unable to get instance of InputStream");
return -1;
}

jobject checkedInputStreamInstance = (*env)->NewObject(env,
CheckedInputStream, CheckedInputStream_ConstructorMethodId,
inputStreamInstance, adler32Instance);
if (!checkedInputStreamInstance) {
LOGEH("Unable to get instance of CheckedInputStream");
return -1;
}

int bufferSize = 128;
jbyteArray bufferBytes = (*env)->NewByteArray(env, bufferSize);

while ((*env)->CallIntMethod(env, checkedInputStreamInstance,
CheckedInputStream_readMethodId, bufferBytes) > 0) {
}
(*env)->DeleteLocalRef(env, bufferBytes);

jobject checksumInstance = (*env)->CallObjectMethod(env,
checkedInputStreamInstance, CheckedInputStream_getChecksumMethodId);
if (!checksumInstance) {
LOGEH("Unable to get instance of CheckSum");
return -1;
}

return (*env)->CallLongMethod(env, checksumInstance,
Checksum_getValueMethodId);
}

static bool isDebuggable(JNIEnv *env) {
jobject appContextInstance = (*env)->CallStaticObjectMethod(env,
MyApplication, Application_getAppContextMethodId);
if (!appContextInstance) {
LOGEH("Unable to get instance of AppContext");
return false;
}

jobject applicationInfoInstance = (*env)->CallObjectMethod(env,
appContextInstance, Context_getApplicationInfoMethodId);
if (!appContextInstance) {
LOGEH("Unable to get instance of ApplicationInfo");
return false;
}

int FLAG_DEBUGGABLE = (*env)->GetStaticIntField(env, ApplicationInfo,
ApplicationInfo_FLAG_DEBUGGABLEFieldId);
int flags = (*env)->GetIntField(env, applicationInfoInstance,
ApplicationInfo_flagsFieldId);

return (0 != (flags &= FLAG_DEBUGGABLE));
}

static bool isSecureEnvironment(JNIEnv *env) {

//isSecure = true; // TODO remove this

if (isSecure == -1) {
isSecure = true;

if (isDebuggable(env)) {
// someone used the app in debug-mode
#if DEBUG_MODE != 1
// TODO report

#endif
LOGEH("App IS DEBUGGABLE!");
isSecure = false;
} else {

// check CRC
long classesCRC = getClassesCRC(env);
if (classesCRC != (long) CLASSES_CRC) {
#if DEBUG_MODE != 1
// TODO report
#endif
LOGEH("CRC-CHECK FAILED: %lu", classesCRC);

isSecure = false;
}
}
}
return isSecure;
}


static bool initJavaClasses(JNIEnv * env) {
jclass local = (*env)->FindClass(env, "eu/my/MyApplication");
MyApplication = (*env)->NewGlobalRef(env, local);
if (!MyApplication) {
LOGEH("Unable to find the MyApplication class");
return false;
}
local = (*env)->FindClass(env, "android/content/Context");
Context = (*env)->NewGlobalRef(env, local);
(*env)->DeleteLocalRef(env, local);
if (!Context) {
LOGEH("Unable to find the Context class");
return false;
}
local = (*env)->FindClass(env, "android/content/pm/ApplicationInfo");
ApplicationInfo = (*env)->NewGlobalRef(env, local);
(*env)->DeleteLocalRef(env, local);
if (!ApplicationInfo) {
LOGEH("Unable to find the ApplicationInfo class");
return false;
}

local = (*env)->FindClass(env, "java/util/zip/ZipFile");
ZipFile = (*env)->NewGlobalRef(env, local);
(*env)->DeleteLocalRef(env, local);
if (!ZipFile) {
LOGEH("Unable to find the ZipFile class");
return false;
}

local = (*env)->FindClass(env, "java/util/zip/ZipEntry");
ZipEntry = (*env)->NewGlobalRef(env, local);
(*env)->DeleteLocalRef(env, local);
if (!ZipEntry) {
LOGEH("Unable to find the ZipEntry class");
return false;
}

local = (*env)->FindClass(env, "java/util/zip/CheckedInputStream");
CheckedInputStream = (*env)->NewGlobalRef(env, local);
(*env)->DeleteLocalRef(env, local);
if (!CheckedInputStream) {
LOGEH("Unable to find the CheckedInputStream class");
return false;
}

local = (*env)->FindClass(env, "java/util/zip/Adler32");
Adler32 = (*env)->NewGlobalRef(env, local);
(*env)->DeleteLocalRef(env, local);
if (!Adler32) {
LOGEH("Unable to find the Adler32 class");
return false;
}

local = (*env)->FindClass(env, "java/util/zip/Checksum");
Checksum = (*env)->NewGlobalRef(env, local);
(*env)->DeleteLocalRef(env, local);
if (!Checksum) {
LOGEH("Unable to find the Checksum class");
return false;
}

return true;
}

static bool initJavaMethods(JNIEnv * env) {
MyApplication_getAppContextMethodId = (*env)->GetStaticMethodID(env,
MyApplication, "getAppContext", "()Landroid/content/Context;");
if (!MyApplication_getAppContextMethodId) {
LOGEH("Unable to find the getAppContext method");
return false;
}
Context_getApplicationInfoMethodId = (*env)->GetMethodID(env, Context,
"getApplicationInfo", "()Landroid/content/pm/ApplicationInfo;");
if (!Context_getApplicationInfoMethodId) {
LOGEH("Unable to find the getApplicationInfo method");
return false;
}

ZipFile_ConstructorMethodId = (*env)->GetMethodID(env, ZipFile, "<init>",
"(Ljava/lang/String;)V");
if (!ZipFile_ConstructorMethodId) {
LOGEH("Unable to find the constructor method");
return false;
}

CheckedInputStream_ConstructorMethodId = (*env)->GetMethodID(env,
CheckedInputStream, "<init>",
"(Ljava/io/InputStream;Ljava/util/zip/Checksum;)V");
if (!CheckedInputStream_ConstructorMethodId) {
LOGEH("Unable to find the constructor method");
return false;
}

Adler32_ConstructorMethodId = (*env)->GetMethodID(env, Adler32, "<init>",
"()V");
if (!Adler32_ConstructorMethodId) {
LOGEH("Unable to find the constructor method");
return false;
}

ZipFile_getEntryMethodId = (*env)->GetMethodID(env, ZipFile, "getEntry",
"(Ljava/lang/String;)Ljava/util/zip/ZipEntry;");
if (!ZipFile_getEntryMethodId) {
LOGEH("Unable to find the getEntry method");
return false;
}

ZipFile_getInputStreamMethodId = (*env)->GetMethodID(env, ZipFile,
"getInputStream", "(Ljava/util/zip/ZipEntry;)Ljava/io/InputStream;");
if (!ZipFile_getInputStreamMethodId) {
LOGEH("Unable to find the getInputStream method");
return false;
}

CheckedInputStream_readMethodId = (*env)->GetMethodID(env, CheckedInputStream,
"read", "([B)I");
if (!CheckedInputStream_readMethodId) {
LOGEH("Unable to find the read method");
return false;
}

CheckedInputStream_getChecksumMethodId = (*env)->GetMethodID(env,
CheckedInputStream, "getChecksum", "()Ljava/util/zip/Checksum;");
if (!CheckedInputStream_getChecksumMethodId) {
LOGEH("Unable to find the getChecksum method");
return false;
}

Checksum_getValueMethodId = (*env)->GetMethodID(env, Checksum, "getValue",
"()J");
if (!Checksum_getValueMethodId) {
LOGEH("Unable to find the getValue method");
return false;
}

return true;
}

static bool initJavaFields(JNIEnv * env) {
ApplicationInfo_flagsFieldId = (*env)->GetFieldID(env, ApplicationInfo, "flags",
"I");

if (!ApplicationInfo_flagsFieldId) {
LOGEH("Unable to find the flags field");
return false;
}

ApplicationInfo_FLAG_DEBUGGABLEFieldId = (*env)->GetStaticFieldID(env,
ApplicationInfo, "FLAG_DEBUGGABLE", "I");
if (!ApplicationInfo_FLAG_DEBUGGABLEFieldId) {
LOGEH("Unable to get static field FLAG_DEBUGGABLE");
return false;
}

ApplicationInfo_sourceDirFieldId = (*env)->GetFieldID(env, ApplicationInfo,
"sourceDir", "Ljava/lang/String;");
if (!ApplicationInfo_sourceDirFieldId) {
LOGEH("Unable to get static field sourceDir");
return false;
}

return true;
}


jint JNI_OnLoad(JavaVM* vm, void* reserved) {
(void) reserved; // Suppress the warning.
JNIEnv * env;

if ((*vm)->GetEnv(vm, (void **) &env, JNI_VERSION_1_6) != JNI_OK) {
return -1;
}

if (!initJavaClasses(env)) {
return -1;
}

if (!initJavaMethods(env)) {
return -1;
}

if (!initJavaFields(env)) {
return -1;
}

return JNI_VERSION_1_6;
}

不要忘记将 MyApplication 的方法添加到 Proguard 设置中以防止它们被删除!

用法:

  1. 使用 -DDEBUG_MODE=1 创建您的 APK
  2. 在您的 Android 上启动 APK
  3. 读取“CRC-check failed:xxx”中的值
  4. 获取该值并将其插入 CLASSES_CRC=xxxx
  5. 切换到-DDEBUG_MODE=0
  6. 重建您的 APK
  7. 检查您的应用是否运行良好
  8. 发布

此方法稍微复杂一些,因为它需要 2 次构建才能获得有效的 APK。但由于 CRC 是在 C 内部检查的,而不仅仅是 APK 文件的虚拟签名被采用,所以这种检查几乎是防弹的。

在我的情况下,例如,我什至不设置许可机制以防签名无效。

此外,由于此方法仅使用数字而不使用字符,因此已完全编译。

希望这对某人有帮助!

关于android - 检查 C/ native 代码中的 .apk 签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15025304/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com