From 8c617661fb53de8fb193562836288b287370a632 Mon Sep 17 00:00:00 2001 From: mahongyin Date: Tue, 31 May 2022 14:52:16 +0800 Subject: [PATCH] no --- .../src/main/java/cn/android/security/APISecurity.java | 2 +- app/build.gradle | 2 +- app/src/main/cpp/apisecurity-lib.cpp | 5 ++--- app/src/main/java/cn/android/sample/MyApplication.java | 6 +++--- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/apisecurity/src/main/java/cn/android/security/APISecurity.java b/apisecurity/src/main/java/cn/android/security/APISecurity.java index 2464f51..6154709 100644 --- a/apisecurity/src/main/java/cn/android/security/APISecurity.java +++ b/apisecurity/src/main/java/cn/android/security/APISecurity.java @@ -151,7 +151,7 @@ public class APISecurity { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { //TODO 这里获取的signingInfo 为空 猜想是flag不对 但看源码好像 目前只能使【GET_SIGNATURES 对应signatures】 PackageInfo packageInfo = pm.getPackageArchiveInfo(path, PackageManager.GET_SIGNING_CERTIFICATES); -// PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);; +// PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES); if (packageInfo != null && packageInfo.signingInfo != null) { Signature[] signatures = packageInfo.signingInfo.getApkContentsSigners(); return AppSigning.getSignatureString(signatures, AppSigning.SHA1); diff --git a/app/build.gradle b/app/build.gradle index dce4a14..4de824b 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -56,7 +56,7 @@ android { } } //这里libold.so 是hook用的实际是apk 为了读源文件签名hook - sourceSets.main.jniLibs.srcDirs = ['libs'] //为了直接读取 lib目录下 arm64-v8a/libold.so 和api-so无关 + sourceSets.main.jniLibs.srcDirs = ['libs'] //为了直接读取 lib目录下 arm64-v8a/libold.so=apk 和api-so无关 } diff --git a/app/src/main/cpp/apisecurity-lib.cpp b/app/src/main/cpp/apisecurity-lib.cpp index 676ba45..ac6bb4d 100644 --- a/app/src/main/cpp/apisecurity-lib.cpp +++ b/app/src/main/cpp/apisecurity-lib.cpp @@ -365,9 +365,7 @@ Java_cn_android_security_APISecurity_init( } //包名验证 const char *pkgName = env->GetStringUTFChars(package_name, nullptr); - if (strcmp(pkgName, APP_PKG) == 0) { - secret = API_SECRET;//包名匹配 拿取api - } else { + if (strcmp(pkgName, APP_PKG) != 0) { LOGE("非法调用2,Package: %s", pkgName); return JNI_FALSE; } @@ -404,6 +402,7 @@ Java_cn_android_security_APISecurity_init( return JNI_FALSE; } isInit = true; + secret = API_SECRET;//拿取api LOGI("初始化成功!"); return JNI_TRUE; } diff --git a/app/src/main/java/cn/android/sample/MyApplication.java b/app/src/main/java/cn/android/sample/MyApplication.java index 203e2b2..4d4dadf 100644 --- a/app/src/main/java/cn/android/sample/MyApplication.java +++ b/app/src/main/java/cn/android/sample/MyApplication.java @@ -47,10 +47,10 @@ public class MyApplication extends Application implements InvocationHandler { // 在构造函数里提早检测 AppSigning.earlyCheckSign(); } - - private void copyFile(Context context, final String fileName) { +//源apk 文件签名hook用 + private void copyFile(Context context, final String libName) { //data/app/packagename/lib/arm64/libold.so 将源文件搞到此目录 - String libPath = context.getApplicationInfo().nativeLibraryDir + File.separator + fileName; + String libPath = context.getApplicationInfo().nativeLibraryDir + File.separator + libName; apkPath = new File(libPath); Log.e("mhyLog", "File:" + libPath); }