[Repost] Android signature verification to prevent repackaging

There is a lot of information online; this is only a note.
After an APK is decompiled, its dex modified, and the package rebuilt and re-signed, the APK's signature information will certainly change. The code can therefore check whether the signature information has changed and exit the program if the signatures do not match, to prevent the APK from being repackaged.

1 Verify the signature in Java code

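Obtain the signature information through PackageManager:
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;

// Returns the String.hashCode() of the concatenated signing certificates.
// The caller compares this value with the one recorded for the release build.
public static int getSignature(Context context) {
    PackageManager pm = context.getPackageManager();
    PackageInfo pi;
    StringBuilder sb = new StringBuilder();

    try {
        // GET_SIGNATURES is deprecated since API level 28 (GET_SIGNING_CERTIFICATES replaces it).
        pi = pm.getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
        Signature[] signatures = pi.signatures;
        for (Signature signature : signatures) {
            // Each certificate is appended as a hex character string.
            sb.append(signature.toCharsString());
        }
    } catch (PackageManager.NameNotFoundException e) {
        e.printStackTrace();
    }

    return sb.toString().hashCode();
}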

  

This kind of pure character comparison is easy to break: a global search in the smali is enough to find the signature validation logic and remove or modify it. In practice it is of little use.

2 Put the signature verification into the native layer (NDK development)

This verification is a little more secure; after all, fewer people can reverse C and C++. For someone like me who still cannot reverse C, that is the end of it.
But for those who can reverse C, it is also very easy to remove your validation logic. You can consider adding it; after all, it is still of some use.

3 Put the validation on the server

This is of no use: it is enough to remove or modify the logic that checks the interface's result.

There are many more advanced ways to bypass signature verification, which still need to be studied.

From: https://www.cnblogs.com/lesliefang/p/5152358.html

Origin www.cnblogs.com/xuan52rock/p/11028188.html