【问题标题】:How to check apk signature at runtime xamarin.forms如何在运行时检查 apk 签名 xamarin.forms
【发布时间】:2020-10-15 17:29:37
【问题描述】:

大家好,我正在尝试在 xamarin forms android 应用中实现 防篡改保护 并验证应用签名。目前我正在使用此代码:

var context = Android.App.Application.Context;
Signature sigs = context.PackageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures).Signatures[0];

DisplayAlert("sigs.ToString()", sigs.ToString(), "ok");   //1331014879
DisplayAlert(" sigs.GetHashCode().ToString()", sigs.GetHashCode().ToString(), "ok");  //  android.content.pm.Signature@4f55acdf                         

sigs.GetHashCode().ToString() 返回 1331014879
sigs.ToString() 返回 android.content .pm.Signature@4f55acdf

但我想我可能做错了。这是在运行时验证 android 应用程序签名的正确方法吗?否则请给我代码和指导。谢谢。

【问题讨论】:

标签: c# android xamarin.forms signature tampering


【解决方案1】:

如果 API28 或更高版本,您应该像这个线程一样检查多个签名者。 How to use PackageInfo.GET_SIGNING_CERTIFICATES in API 28?

这里是 xamarin.android 代码。

 public string Sig_Hash()
        {
            var Context = Android.App.Application.Context;

                foreach (Android.Content.PM.Signature signature in Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures  ).Signatures)
                {
                    using (SHA1Managed sha1 = new SHA1Managed())
                    {
                        var hash = sha1.ComputeHash(signature.ToByteArray());
                        var sb = new StringBuilder(hash.Length * 2);
                        foreach (byte b in hash)
                        {
                            sb.Append(b.ToString("X2"));
                        }
                        return sb.ToString();
                    }

                }
                return "";
        }

【讨论】:

    【解决方案2】:

    谢谢@Leon Lu 对此的一点更新:

            public string GetSha1()
            {
                var Context = Android.App.Application.Context;
    
                if (Build.VERSION.SdkInt >= BuildVersionCodes.P)
                {
                    PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.SigningCertificates);
                    if (packageInfo == null || packageInfo.SigningInfo == null)
                        return string.Empty;
    
                    var signature = packageInfo.SigningInfo.GetSigningCertificateHistory().FirstOrDefault();
                    if (signature != null)
                    {
                        return SignatureDigest(signature);
                    }
    
                }
                else
                {
                    PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures);
                    if (packageInfo == null || packageInfo.Signatures == null)
                        return string.Empty;
    
                    var signature = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures).Signatures.FirstOrDefault();
                    if (signature != null)
                        return SignatureDigest(signature);
                }
                return string.Empty;
            }
    
            private static string SignatureHexa(Android.Content.PM.Signature signature)
            {
                using (SHA1Managed sha1 = new SHA1Managed())
                {
                    var hash = sha1.ComputeHash(signature.ToByteArray());
                    var sb = new StringBuilder(hash.Length * 2);
                    foreach (byte b in hash)
                    {
                        sb.Append(b.ToString("X2"));
                    }
                    return sb.ToString();
                }
            }
    

    对我来说,我的应用是通过 GooglePlay 签名的,所以我不需要多个签名

    但如果您需要检查多个签名者

    if (packageInfo.SigningInfo.HasMultipleSigners)
       {
         foreach (Signature signature in packageInfo.SigningInfo.GetApkContentsSigners())
            {
                //Dostuff
                SignatureDigest(signature);
            }
       }
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2015-05-08
      • 1970-01-01
      • 2013-06-29
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多