从自由哈克保护应用内购买 [英] Protecting in-app purchases from Freedom Hack
问题描述
我throughtoutly搜索网站,以及别人对答案,并没有发现任何实际的。
I've throughtoutly searched this site as well as others for answers and found no actual one.
我的问题是,究竟是什么自由哈克(允许用户获得应用内购买无需支付)做的。也就是说,有什么进程的一部分被改变。我发现<一href="https://docs.google.com/s$p$padsheet/ccc?key=0Aoz9rJKp8kcHdE1SZV9ic2xUVV9fRmhiREVwYUZMSGc#gid=234">this应用程序列表为其破解工作,有的条目有日期为本月,这意味着它并没有被完全固定呢。我见过的反应是验证您的服务器的应用程序,但如果黑客,例如,改变在java.security的签名验证功能,所以它总是返回true,再加入我自己的签名服务器不会多大帮助。
My question is what exactly does the Freedom Hack (which allows users to get in-app purchases without paying) do. That is, what part of the process is altered. I've found this list of applications for which the hack works, and some of the entries there are dated to this month, meaning that it hasn't been completely fixed yet. The responses I've seen were "verify the application in your server", but if the hack, for example, alters the Java.Security's signature verification function, so it always returns true, then adding my own signature in the server wouldn't help much.
推荐答案
我不知道,如果笔者仍然遵循这个话题与否。但我花了一段时间来找到(谷歌搜索)怎样的方式自由工作以及如何prevent它(直到他们更新的方式自由工作)在我的项目和它的作品。我的实现是非常简单的,你不需要核实发送请求到服务器(这会影响性能,并采取更多的努力来实现它)。
I don't know if the author still follow this topic or not. But I spent sometime to find out (googling) the way how freedom work and how to prevent it (until they update the way freedom work) in my project and it works. My implementation is really simple and you don't need to verify by sending request to server (which affect the performance and take more effort to implement it).
自由的当前实现的是,它将取代(重定向)所有方法调用java.security.Signature.verify(字节[])来一个自由的JNI方法反过来只是简单的总是返回真(或1)。
The current implementation of freedom is that it will replace (redirect) all the method calls of java.security.Signature.verify(byte[]) to a freedom's jni method which in turn just simply always return true (or 1).
看看 java.security.Signature.verify(字节[]):
public final boolean verify(byte[] signature) throws SignatureException {
if (state != VERIFY) {
throw new SignatureException("Signature object is not initialized properly");
}
return engineVerify(signature);
}
下面的 engineVerify 方法是首先在定义的(抽象保护方法的Java .security.SignatureSpi 签名延伸SignatureSpi中)。
好吧,这就够了,因为我无法相信 java.security.Signature.verify(字节[])办法了,我会用 engineVerify 直接法。为了做到这一点,我们需要使用反射。修改验证的方法 IABUtil /安全性从:
Here the engineVerify method is an abstract protected method which is first defined in java.security.SignatureSpi(Signature extends SignatureSpi).
OK, that enough, because I can't believe java.security.Signature.verify(byte[]) method anymore, I would use engineVerify method directly. To do that, we need to use reflection. Modify the verify method of IABUtil/Security from:
public static boolean verify(PublicKey publicKey, String signedData, String signature) {
Signature sig;
try {
sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(publicKey);
sig.update(signedData.getBytes());
if (!sig.verify(Base64.decode(signature))) {
Log.e(TAG, "Signature verification failed.");
return false;
}
return true;
} catch (...) {
...
}
return false;
}
要:
public static boolean verify(PublicKey publicKey, String signedData, String signature) {
Signature sig;
try {
sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(publicKey);
sig.update(signedData.getBytes());
Method verify = java.security.SignatureSpi.class.getDeclaredMethod("engineVerify", byte[].class);
verify.setAccessible(true);
Object returnValue = verify.invoke(sig, Base64.decode(signature));
if (!(Boolean)returnValue) {
Log.e(TAG, "Signature verification failed.");
return false;
}
return true;
} catch (...) {
...
}
return false;
}
这是简单,但它与自由当前执行工作,直到他们更新其在未来的算法。
That is simple but it works with the current implementation of freedom until they update its algorithm in the future.
这篇关于从自由哈克保护应用内购买的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
