Recently, we have been studying the security issues of Android applications. It seems that the safest approach is to write the core code in the native layer behind JNI. The native layer determines whether the application's signature is correct. If the signature is correct, it continues to execute the core code; otherwise, it exits the program, which can prevent malicious decompilation and repackaging (secondary packaging). The key here is how to obtain the signature in JNI.
I checked a lot of information online and didn't find any answers. But I slowly found some ideas, so I did my research and finally got the results. I don't dare to share it with you.
As we all know, it is very easy to obtain the signature hash value in the Java code of an Android application. The process is as follows:

    try {
        PackageInfo packageInfo = getPackageManager().getPackageInfo(
                "com.klxx.as", PackageManager.GET_SIGNATURES);
        Signature[] signs = packageInfo.signatures;
        Signature sign = signs[0];
        Log.i("test", "hashCode : " + sign.hashCode());
    } catch (Exception e) {
        e.printStackTrace();
    }

JNI provides many functions that let native code call back into Java methods. Take, for example, the following code:

    PackageInfo packageInfo = getPackageManager().getPackageInfo("com.klxx.as", PackageManager.GET_SIGNATURES);

We can use JNI to write it as follows:

    // env is the JNIEnv* and context is the Context object passed to the native method
    // Obtain the Context class
    jclass native_clazz = (*env)->GetObjectClass(env, context);
    // Obtain the method ID of getPackageManager()
    jmethodID methodID_func = (*env)->GetMethodID(env, native_clazz,
            "getPackageManager", "()Landroid/content/pm/PackageManager;");
    // Obtain the application package manager (called on the same object the class was taken from)
    jobject package_manager = (*env)->CallObjectMethod(env, context, methodID_func);
    // Obtain the PackageManager class
    jclass pm_clazz = (*env)->GetObjectClass(env, package_manager);
    // Obtain the method ID of getPackageInfo()
    jmethodID methodID_pm = (*env)->GetMethodID(env, pm_clazz,
            "getPackageInfo", "(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;");
    // Obtain the application package information (64 is PackageManager.GET_SIGNATURES)
    jobject package_info = (*env)->CallObjectMethod(env, package_manager, methodID_pm,
            (*env)->NewStringUTF(env, "com.example.hellojni"), 64);

This technique is called reflection in Java. For more JNI reflection methods, refer to the blog "absolute security of android Development (iii) JNI method set".
Through this reflection mechanism, I debugged and parsed the application step by step, finally obtained the signature information of the application, and obtained the hash value of the signature from the signature information.
I uploaded this code to CSDN. You are welcome to download it. If you find any vulnerabilities, please give us some advice.
Download: http://download.csdn.net/detail/iloveyoueveryday/6909583
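An added example, not the author's code and not the CSDN download: a native-side comparison in plain C that sets the 32-bit hashCode check beside a full comparison of the certificate bytes, since two different certificates can share one hashCode. It assumes the bytes were already fetched over JNI with Signature.toByteArray() and that Signature.hashCode() is Arrays.hashCode over those bytes, as in AOSP; the byte arrays and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample standing in for Signature.toByteArray(); not a real certificate. */
static const uint8_t PINNED_CERT[] = {0x30, 0x82, 0x01, 0x0A};
/* Constructed, different bytes that yield the same 32-bit hashCode. */
static const uint8_t OTHER_CERT[] = {0x30, 0x82, 0x02, 0xEB};

/* Same result as java.util.Arrays.hashCode(byte[]):
 * h = 31*h + b, with b a signed byte and 32-bit wrap-around. */
int32_t java_bytes_hashcode(const uint8_t *buf, size_t len)
{
    uint32_t h = 1;
    for (size_t i = 0; i < len; i++) {
        int32_t b = buf[i] < 0x80 ? buf[i] : (int32_t)buf[i] - 256;
        h = 31u * h + (uint32_t)b;
    }
    return (int32_t)h;
}

/* Weak check: only the 32-bit hashCode is compared. */
int cert_matches_hashcode(const uint8_t *buf, size_t len, int32_t expected)
{
    return java_bytes_hashcode(buf, len) == expected;
}

/* Stronger check: every byte is compared with the pinned certificate.
 * Differences are accumulated so the loop does not stop at the first mismatch. */
int cert_matches_pinned(const uint8_t *buf, size_t len)
{
    if (len != sizeof PINNED_CERT)
        return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(buf[i] ^ PINNED_CERT[i]);
    return diff == 0;
}

int main(void)
{
    int32_t pinned_hash = java_bytes_hashcode(PINNED_CERT, sizeof PINNED_CERT);
    printf("pinned hashCode: %d\n", (int)pinned_hash);
    printf("other cert passes hashCode check: %d\n",
           cert_matches_hashcode(OTHER_CERT, sizeof OTHER_CERT, pinned_hash));
    printf("other cert passes byte check: %d\n",
           cert_matches_pinned(OTHER_CERT, sizeof OTHER_CERT));
    return 0;
}
```

In a real library the pinned bytes would be the release certificate, or a cryptographic digest of it such as SHA-256, compiled into the native code.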