APP security analysis-taxi hailing Software

APP security analysis-taxi hailing Software

Recently, I found that the APK of a taxi hailing software is very popular. I heard that they are providing very strict protection to prevent users from packing twice. Today, let's analyze how secure he is.

After rigorous analysis, we found that the taxi APP (driver edition) is mainly protected in two places.

The first one is: During the login process, the md5 Signature information of the apk signature information is obtained by passing the context object to the so library. The second one is: in the main interface, each onResume calls a private class for verification. If the verification fails, "Uninstall the software before using it" is displayed ~" . Force the app to exit by clicking OK.

First, let's talk about the first verification: it is safer to use so as the place where the signature information is obtained than to obtain the signature information in java. However, the context object must be passed to the underlying layer to obtain the signature information. So the protection weakness is mainly in the transmission of the context object.

In the c method of the com.sdu.didi.net package

 

 

SecurityLib. getUUID (this. B) is used to call the getUUID METHOD OF THE so library and pass context.

UUID is converted from the so library through signature information, and this. B is the getContext of the application.

In this case, we add and override the getPackageManager method in the application and modify the return value. Return the PackageManager we wrote. As follows:

 

Modify the getPackageInfo method and return our own packageInfo object.

 

The ChangesSignture method is as follows: the value of Signature is the MD5 value of the driver's genuine Signature information.

 

The above modifications have been tested. The verification of the logon process has no effect.

Next we will discuss the second verification:

In MainActivity under com. sdu. didi. gui. main package

 

CheckCheatTool (); checks. If the software is pirated, a prompt is displayed: "Uninstall the software and use it again." This protection is even less secure. We only need to comment out or delete this line of code. This verification has no effect.

The author finally wants to say:

Encryption technology is also a project that requires in-depth research. If you are interested, you can look at the encryption methods used by others or study some third-party platforms dedicated to providing encryption services. Of course, you can also use it directly if you are lazy.

[Author: Love encryption. For more information, see "FreeBuf. COM".]