如何在运行时检查 apk 签名 xamarin.forms
How to check apk signature at runtime xamarin.forms
大家好,我正在尝试实施 反篡改保护 并在 xamarin 表单 android 应用程序中验证应用程序签名。目前我正在使用这个代码:
var context = Android.App.Application.Context;
Signature sigs = context.PackageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures).Signatures[0];
DisplayAlert("sigs.ToString()", sigs.ToString(), "ok"); //1331014879
DisplayAlert(" sigs.GetHashCode().ToString()", sigs.GetHashCode().ToString(), "ok"); // android.content.pm.Signature@4f55acdf
sigs.GetHashCode().ToString() returns 1331014879
sigs.ToString() returns android.content.pm.Signature@4f55acdf
但我想我可能做错了。这是在运行时验证 android 应用程序签名的正确方法吗?否则请提供代码和指导。谢谢
如果 API28 或更高版本,您应该检查 multipleSigners 以及此线程。
这是xamarin.android代码。
public string Sig_Hash()
{
var Context = Android.App.Application.Context;
foreach (Android.Content.PM.Signature signature in Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures ).Signatures)
{
using (SHA1Managed sha1 = new SHA1Managed())
{
var hash = sha1.ComputeHash(signature.ToByteArray());
var sb = new StringBuilder(hash.Length * 2);
foreach (byte b in hash)
{
sb.Append(b.ToString("X2"));
}
return sb.ToString();
}
}
return "";
}
Thx @Leon Lu 关于这个的一点更新:
public string GetSha1()
{
var Context = Android.App.Application.Context;
if (Build.VERSION.SdkInt >= BuildVersionCodes.P)
{
PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.SigningCertificates);
if (packageInfo == null || packageInfo.SigningInfo == null)
return string.Empty;
var signature = packageInfo.SigningInfo.GetSigningCertificateHistory().FirstOrDefault();
if (signature != null)
{
return SignatureDigest(signature);
}
}
else
{
PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures);
if (packageInfo == null || packageInfo.Signatures == null)
return string.Empty;
var signature = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures).Signatures.FirstOrDefault();
if (signature != null)
return SignatureDigest(signature);
}
return string.Empty;
}
private static string SignatureHexa(Android.Content.PM.Signature signature)
{
using (SHA1Managed sha1 = new SHA1Managed())
{
var hash = sha1.ComputeHash(signature.ToByteArray());
var sb = new StringBuilder(hash.Length * 2);
foreach (byte b in hash)
{
sb.Append(b.ToString("X2"));
}
return sb.ToString();
}
}
对我来说,我的应用程序是由 GooglePlay 签名的,所以我不需要多个签名
但是如果需要勾选多个签名者
if (packageInfo.SigningInfo.HasMultipleSigners)
{
foreach (Signature signature in packageInfo.SigningInfo.GetApkContentsSigners())
{
//Dostuff
SignatureDigest(signature);
}
}
大家好,我正在尝试实施 反篡改保护 并在 xamarin 表单 android 应用程序中验证应用程序签名。目前我正在使用这个代码:
var context = Android.App.Application.Context;
Signature sigs = context.PackageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures).Signatures[0];
DisplayAlert("sigs.ToString()", sigs.ToString(), "ok"); //1331014879
DisplayAlert(" sigs.GetHashCode().ToString()", sigs.GetHashCode().ToString(), "ok"); // android.content.pm.Signature@4f55acdf
sigs.GetHashCode().ToString() returns 1331014879
sigs.ToString() returns android.content.pm.Signature@4f55acdf
但我想我可能做错了。这是在运行时验证 android 应用程序签名的正确方法吗?否则请提供代码和指导。谢谢
如果 API28 或更高版本,您应该检查 multipleSigners 以及此线程。
这是xamarin.android代码。
public string Sig_Hash()
{
var Context = Android.App.Application.Context;
foreach (Android.Content.PM.Signature signature in Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures ).Signatures)
{
using (SHA1Managed sha1 = new SHA1Managed())
{
var hash = sha1.ComputeHash(signature.ToByteArray());
var sb = new StringBuilder(hash.Length * 2);
foreach (byte b in hash)
{
sb.Append(b.ToString("X2"));
}
return sb.ToString();
}
}
return "";
}
Thx @Leon Lu 关于这个的一点更新:
public string GetSha1()
{
var Context = Android.App.Application.Context;
if (Build.VERSION.SdkInt >= BuildVersionCodes.P)
{
PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.SigningCertificates);
if (packageInfo == null || packageInfo.SigningInfo == null)
return string.Empty;
var signature = packageInfo.SigningInfo.GetSigningCertificateHistory().FirstOrDefault();
if (signature != null)
{
return SignatureDigest(signature);
}
}
else
{
PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures);
if (packageInfo == null || packageInfo.Signatures == null)
return string.Empty;
var signature = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures).Signatures.FirstOrDefault();
if (signature != null)
return SignatureDigest(signature);
}
return string.Empty;
}
private static string SignatureHexa(Android.Content.PM.Signature signature)
{
using (SHA1Managed sha1 = new SHA1Managed())
{
var hash = sha1.ComputeHash(signature.ToByteArray());
var sb = new StringBuilder(hash.Length * 2);
foreach (byte b in hash)
{
sb.Append(b.ToString("X2"));
}
return sb.ToString();
}
}
对我来说,我的应用程序是由 GooglePlay 签名的,所以我不需要多个签名
但是如果需要勾选多个签名者
if (packageInfo.SigningInfo.HasMultipleSigners)
{
foreach (Signature signature in packageInfo.SigningInfo.GetApkContentsSigners())
{
//Dostuff
SignatureDigest(signature);
}
}