签名校验

Author: CYRUS-STUDIO

app/build.gradle.kts

@@ -49,6 +49,13 @@ android {
  buildTypes {
  debug {
  signingConfig = signingConfigs.getByName("cyrus")
+
+ // 注入期望签名指纹
+ buildConfigField(
+ "String",
+ "EXPECTED_SIGNATURE",
+ "\"4ODG9MBS1sIB91m3GO2PQB2VzhBAYl1xjMajotXMiRc=\""
+ )
  }
  release {
  signingConfig = signingConfigs.getByName("cyrus")
@@ -57,6 +64,13 @@ android {
  getDefaultProguardFile("proguard-android-optimize.txt"),
  "proguard-rules.pro"
  )
+
+ // 注入期望签名指纹
+ buildConfigField(
+ "String",
+ "EXPECTED_SIGNATURE",
+ "\"4ODG9MBS1sIB91m3GO2PQB2VzhBAYl1xjMajotXMiRc=\""
+ )
  }
  }
  compileOptions {
@@ -69,6 +83,7 @@ android {
  buildFeatures {
  compose = true
  prefab = true
+ buildConfig = true
  }
  ndkVersion = "27.1.12297006"
 }

app/src/main/AndroidManifest.xml

@@ -19,6 +19,10 @@
  android:theme="@style/Theme.AndroidExample"
  tools:ignore="HardcodedDebugMode"
  tools:targetApi="31">
+ <activity
+ android:name=".signature.SignatureActivity"
+ android:exported="false"
+ android:theme="@style/Theme.AndroidExample" />
  <activity
  android:name=".sohooker.SoHookerActivity"
  android:exported="false"

app/src/main/java/com/cyrus/example/MainActivity.kt

@@ -33,6 +33,7 @@ import com.cyrus.example.unicorn.UnicornActivity
 import com.cyrus.example.unidbg.UnidbgActivity
 import com.cyrus.example.vmp.VMPActivity
 import com.cyrus.example.retrofit.RetrofitActivity
+import com.cyrus.example.signature.SignatureActivity
 import com.cyrus.example.sohooker.SoHookerActivity
 
 
@@ -297,5 +298,15 @@ class MainActivity : AppCompatActivity() {
  )
  startActivity(intent)
  }
+
+
+ // 签名校验
+ findViewById<Button>(R.id.button_check_signature).setOnClickListener {
+ val intent = Intent(
+ this@MainActivity,
+ SignatureActivity::class.java
+ )
+ startActivity(intent)
+ }
  }
 }

app/src/main/java/com/cyrus/example/signature/SignatureActivity.kt

@@ -0,0 +1,67 @@
+package com.cyrus.example.signature
+
+import android.os.Bundle
+import androidx.activity.ComponentActivity
+import androidx.activity.compose.setContent
+import androidx.compose.foundation.layout.*
+import androidx.compose.material3.*
+import androidx.compose.runtime.*
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.unit.dp
+import androidx.compose.ui.platform.LocalContext
+import com.cyrus.example.BuildConfig
+
+
+class SignatureActivity : ComponentActivity() {
+ override fun onCreate(savedInstanceState: Bundle?) {
+ super.onCreate(savedInstanceState)
+ setContent {
+ SignatureScreen()
+ }
+ }
+}
+
+@Composable
+fun SignatureScreen() {
+ val context = LocalContext.current
+ var output by remember { mutableStateOf("日志输出区\n") }
+
+ Column(
+ modifier = Modifier
+ .fillMaxSize()
+ .padding(16.dp),
+ verticalArrangement = Arrangement.spacedBy(12.dp)
+ ) {
+ Button(
+ onClick = {
+ val sigs = SignatureUtils.getSigningSha256Base64(context)
+ output = "当前签名指纹:\n" + sigs.joinToString("\n")
+ },
+ modifier = Modifier.fillMaxWidth()
+ ) {
+ Text("打印当前 App 签名指纹")
+ }
+
+ Button(
+ onClick = {
+ val expected = BuildConfig.EXPECTED_SIGNATURE
+ val ok = SignatureUtils.isSignedWith(context, expected)
+ output = "签名校验结果: $ok\n\n期望签名: $expected"
+ },
+ modifier = Modifier.fillMaxWidth()
+ ) {
+ Text("执行签名校验")
+ }
+
+ Spacer(modifier = Modifier.height(16.dp))
+
+ Text(
+ text = output,
+ color = Color.White,
+ modifier = Modifier
+ .fillMaxWidth()
+ .weight(1f)
+ )
+ }
+}

app/src/main/java/com/cyrus/example/signature/SignatureUtils.kt

@@ -0,0 +1,54 @@
+// SignatureUtils.kt
+package com.cyrus.example.signature
+
+import android.content.Context
+import android.content.pm.PackageManager
+import android.os.Build
+import android.util.Base64
+import android.util.Log
+import java.security.MessageDigest
+
+object SignatureUtils {
+ private const val TAG = "SignatureUtils"
+
+ /** 返回当前 app 的签名指纹列表（Base64(SHA256(certBytes))） */
+ fun getSigningSha256Base64(context: Context): List<String> {
+ val res = mutableListOf<String>()
+ try {
+ val pm = context.packageManager
+ val pkg = context.packageName
+ val packageInfo = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+ pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES)
+ } else {
+ @Suppress("DEPRECATION")
+ pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES)
+ }
+
+ val signatures = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+ packageInfo.signingInfo.apkContentsSigners
+ } else {
+ @Suppress("DEPRECATION")
+ packageInfo.signatures
+ }
+
+ for (sig in signatures) {
+ val certBytes = sig.toByteArray()
+ val md = MessageDigest.getInstance("SHA-256")
+ val digest = md.digest(certBytes)
+ val base64 = Base64.encodeToString(digest, Base64.NO_WRAP)
+ Log.d(TAG, "Runtime sign sha256 base64: $base64")
+ res.add(base64)
+ }
+ } catch (e: Exception) {
+ Log.e(TAG, "getSigningSha256Base64 error", e)
+ }
+ return res
+ }
+
+ /** 检查任一签名是否与期望值相等 */
+ fun isSignedWith(context: Context, expectedBase64: String): Boolean {
+ val list = getSigningSha256Base64(context)
+ for (s in list) if (s == expectedBase64) return true
+ return false
+ }
+}

app/src/main/res/layout/activity_main.xml

@@ -214,6 +214,13 @@
  android:layout_marginTop="12dp"
  android:text="动态篡改 so 函数返回值" />
 
+ <Button
+ android:id="@+id/button_check_signature"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_marginTop="12dp"
+ android:text="签名校验" />
+
  </LinearLayout>
 
 </ScrollView>