NDK应用程序签名检查 [英] NDK application Signature Check

问题描述

我有一个应用程序的一些安全密钥。我想存储它securly。我喜欢将其存储在本机共享库（一些code可能产生）。从那以后，我希望它通过将检查原来的APK的签名的方法返回。因此，没有人可以使用这个文件除了信任的应用程序。我知道，NDK库可以被反编译还，但是这是更难使本地code的逆向工程。那么Java .class文件。

问：

1. 有没有办法从本地code（C / C ++）尖铁起源的apk的签名？


2. 如何确保该库是从受信任的应用程序调用？

解决方案

我会尽力在这里回答你的第一个问题：

您的应用程序签名存储在您的APK的DEX（Dalvik的可执行文件）文件。 DEX文件的结构如下：

1. 标题


2. 数据栏目（包含字符串，code指令，字段等）


3. 阵列方法标识，类标识符等
的

所以，这是DEX文件的头部的开始：

1. DEX_FILE_MAGIC 恒 - UBYTE [8]


2. Adler-32校验您的应用程序（除了DEX_FILE_MAGIC和校验和本身）的 - UINT


3. SHA-1签名您的应用程序（除了DEX_FILE_MAGIC，校验和散列本身） - UBYTE [20]

所以，尖铁您的APK的签名，您应该计算你的DEX文件的SHA-1的签名从偏移32开始。

要访问您的apk从本地code的DEX文件，您可以读取进程内存，存储在/ proc /自/图：

  FILE * FP;
FP = FOPEN（的/ proc /自/地图，R）;
 

在进程内/ $ ID / maps文件的每一行都具有以下结构：

1. 地址


2. 权限


3. 偏移


4. 设备


5. 的inode


6. 路径

在这里您可以找到PROC / $ ID / maps文件的结构，更好的说明：了解Linux的的/ proc / ID /地图

要检测DEX文件的位置在进程内存中您应该将进程内/自/ maps文件的每一行中检查出路径栏。当对应DEX文件的行会被发现，你应该开始和结束的DEX文件区地址：

 而（与fgets（行，2048，FP）！= NULL）{
    //搜索.dex
    如果（的strstr（线.dex）！= NULL）{
        //获取开始和结束的DEX文件区域地址
 

所以，当你将有开始和结束您的APK字节code的地址，你就可以计算您的apk的签名。

I have some security key in an application. I want to store it securly. I like to store it in a native shared library (maybe generated from some code). After that I want it to be returned by a method that will check the signature of the original APK. So no one can use this file except trusted applications. I know, that ndk library could be also decompiled, but this is even harder to make reverse engineering of native code then java .class files.

Question:

1. Is there a way to calk the signature of the origin apk from the native code (c/c++)?
2. How can I make sure that the library is called from the trusted application?

解决方案

I will try to answer your first question here:

Signature of your application is stored in the DEX(Dalvik executable) file of your APK. DEX files have following structure:

1. Header
2. Data section(contains strings, code instructions, fields, etc)
3. Arrays of method identifiers, class identifiers, etc

So, this is the beginning of the header of DEX file:

1. DEX_FILE_MAGIC constant - ubyte[8]
2. Adler-32 checksum of your application(except DEX_FILE_MAGIC and checksum itself) - uint
3. SHA-1 signature of your application(except of DEX_FILE_MAGIC, checksum and hash itself) - ubyte[20]

So, to calk a signature of your apk, you should compute SHA-1 signature of your DEX file starting from the offset 32.

To get access to DEX file of your apk from native code, you can read process memory, which is stored in /proc/self/maps:

FILE *fp;
fp = fopen("/proc/self/maps", "r");

Each row in proc/$ID/maps file has following structure:

1. address
2. permissions
3. offset
4. device
5. inode
6. pathname

Here you can find a better description of proc/$ID/maps file's structure: Understanding Linux /proc/id/maps

To detect location of DEX file in process memory you should check out 'pathname' column in every row of your proc/self/maps file. When the row corresponding to DEX file will be found, you should get starting and ending addresses of the DEX file region:

while (fgets(line, 2048, fp) != NULL) {
    // search for '.dex'
    if (strstr(line, ".dex") != NULL) {
        // get starting and ending addresses of the DEX file region

So, when you will have starting and ending addresses of your apk's bytecode, you will be able to compute signature of your apk.

这篇关于NDK应用程序签名检查的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！