mahongyin/API-Security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

no

Browse Source
This commit is contained in:
mahongyin
2022-05-31 14:52:16 +08:00
parent b72be3d018
commit 8c617661fb
4 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apisecurity/src/main/java/cn/android/security/APISecurity.java
View File

@@ -151,7 +151,7 @@ public class APISecurity {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
//TODO 这里获取的signingInfo 为空 猜想是flag不对 但看源码好像 目前只能使【GET_SIGNATURES 对应signatures】 //TODO 这里获取的signingInfo 为空 猜想是flag不对 但看源码好像 目前只能使【GET_SIGNATURES 对应signatures】
PackageInfo packageInfo = pm.getPackageArchiveInfo(path, PackageManager.GET_SIGNING_CERTIFICATES); PackageInfo packageInfo = pm.getPackageArchiveInfo(path, PackageManager.GET_SIGNING_CERTIFICATES);
// PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);; // PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);
if (packageInfo != null && packageInfo.signingInfo != null) { if (packageInfo != null && packageInfo.signingInfo != null) {
Signature[] signatures = packageInfo.signingInfo.getApkContentsSigners(); Signature[] signatures = packageInfo.signingInfo.getApkContentsSigners();
return AppSigning.getSignatureString(signatures, AppSigning.SHA1); return AppSigning.getSignatureString(signatures, AppSigning.SHA1);

2
app/build.gradle
View File

@@ -56,7 +56,7 @@ android {
} }
} }
//这里libold.so 是hook用的实际是apk 为了读源文件签名hook //这里libold.so 是hook用的实际是apk 为了读源文件签名hook
sourceSets.main.jniLibs.srcDirs = ['libs'] //为了直接读取 lib目录下 arm64-v8a/libold.so 和api-so无关 sourceSets.main.jniLibs.srcDirs = ['libs'] //为了直接读取 lib目录下 arm64-v8a/libold.so=apk 和api-so无关
} }

5
app/src/main/cpp/apisecurity-lib.cpp
View File

@@ -365,9 +365,7 @@ Java_cn_android_security_APISecurity_init(
} }
//包名验证 //包名验证
const char *pkgName = env->GetStringUTFChars(package_name, nullptr); const char *pkgName = env->GetStringUTFChars(package_name, nullptr);
if (strcmp(pkgName, APP_PKG) == 0) { if (strcmp(pkgName, APP_PKG) != 0) {
secret = API_SECRET;//包名匹配 拿取api
} else {
LOGE("非法调用2Package: %s", pkgName); LOGE("非法调用2Package: %s", pkgName);
return JNI_FALSE; return JNI_FALSE;
} }
@@ -404,6 +402,7 @@ Java_cn_android_security_APISecurity_init(
return JNI_FALSE; return JNI_FALSE;
} }
isInit = true; isInit = true;
secret = API_SECRET;//拿取api
LOGI("初始化成功!"); LOGI("初始化成功!");
return JNI_TRUE; return JNI_TRUE;
} }

6
app/src/main/java/cn/android/sample/MyApplication.java
View File

@@ -47,10 +47,10 @@ public class MyApplication extends Application implements InvocationHandler {
// 在构造函数里提早检测 // 在构造函数里提早检测
AppSigning.earlyCheckSign(); AppSigning.earlyCheckSign();
} }
//源apk 文件签名hook用
private void copyFile(Context context, final String fileName) { private void copyFile(Context context, final String libName) {
//data/app/packagename/lib/arm64/libold.so 将源文件搞到此目录 //data/app/packagename/lib/arm64/libold.so 将源文件搞到此目录
String libPath = context.getApplicationInfo().nativeLibraryDir + File.separator + fileName; String libPath = context.getApplicationInfo().nativeLibraryDir + File.separator + libName;
apkPath = new File(libPath); apkPath = new File(libPath);
Log.e("mhyLog", "File:" + libPath); Log.e("mhyLog", "File:" + libPath);
} }