Preface
Notes recording every bit of reverse engineering.
The role of the signature
Every Android application has a unique signature; an unsigned application cannot be installed on the device.
Protection strategy
Check the signature at the app's entry point, and exit if it does not match the expected value.
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.content.pm.SigningInfo;
import android.os.Build;

// Returns the app's signing certificate(s) as one concatenated hex string, or "" on failure.
public static String getSignature(Context context) {
    try {
        Signature[] signatures;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            // API 28+: GET_SIGNATURES is deprecated, use SigningInfo instead
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNING_CERTIFICATES);
            SigningInfo signingInfo = packageInfo.signingInfo;
            signatures = signingInfo.getApkContentsSigners();
        } else {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
            signatures = packageInfo.signatures;
        }
        StringBuilder builder = new StringBuilder();
        for (Signature signature : signatures) {
            builder.append(signature.toCharsString());
        }
        return builder.toString();
    } catch (PackageManager.NameNotFoundException e) {
        e.printStackTrace();
    }
    return "";
}
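Check whether it matches in the Application:
String signature = getSignature(getApplicationContext());
if (!SIGNATURES.equals(signature)) {
    // Toast text: "The signature has been changed"
    Toast.makeText(this, "签名被更改", Toast.LENGTH_SHORT).show();
    // killProcess() takes a process ID, so pass myPid(), not myUid()
    Process.killProcess(Process.myPid());
    // finish() exists only on Activity; Application has no finish()
    finish();
    return;
}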
Here, the SIGNATURES constant is the value obtained beforehand from the getSignature(getApplicationContext()) method.
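A variant of the check above, as an added example that is not code from the original post: it compares the SHA-256 digest of the signing certificate against a pinned value and fails closed on any error or unexpected signer count. The class name SignatureCheck, the method name and the EXPECTED_SHA256 placeholder are assumptions, as is a release build with a single signer; the check still runs inside the APK, so the Remark applies to it as well.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper class; not part of the original post.
public final class SignatureCheck {
    // Placeholder (all zeros, so it never matches): replace with the 32-byte
    // SHA-256 digest of the release signing certificate.
    private static final byte[] EXPECTED_SHA256 = new byte[32];

    private SignatureCheck() {}

    /** Returns true only if the APK has exactly one signer and it matches the pinned digest. */
    public static boolean isSignedByExpectedCert(Context context) {
        try {
            PackageManager pm = context.getPackageManager();
            String pkg = context.getPackageName();
            Signature[] signers;
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
                if (info.signingInfo == null) {
                    return false;
                }
                // Current signers only; past (rotated) certificates are not included.
                signers = info.signingInfo.getApkContentsSigners();
            } else {
                signers = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures;
            }
            // Assumption: single-signer release build. Fail closed on anything else.
            if (signers == null || signers.length != 1) {
                return false;
            }
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(signers[0].toByteArray());
            // Compare fixed-length digests instead of long concatenated hex strings.
            return MessageDigest.isEqual(EXPECTED_SHA256, actual);
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // Fail closed: an error is treated as a mismatch.
        }
    }
}
```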
Remark
This method is not secure: the check can be modified by editing the smali code.