Android-获取已安装应用程序签名的列表
[英]Android - get list of installed apps signatures
问题描述
So, Im using NIST provided database for android phones to detect malicious applications. 
因此,我使用NIST为Android手机提供的数据库来检测恶意应用程序。 The main source/database is looking like this: 主要源/数据库如下所示:
"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"0000000F8527DCCAB6642252BBCFA1B8072D33EE","68CE322D8A896B6E4E7E3F18339EC85C","E39149E4","Blended_Coolers_Vanilla_NL.png",30439,28948,"358",""
"00000091728653B7D55DF30BFAFE86C52F2F4A59","81AE5D302A0E6D33182CB69ED791181C","5594C3B0","ic_menu_notifications.png",366,31287,"358",""
"0000065F1900120613745CC5E25A57C84624DC2B","AEB7C147EF7B7CEE91807B500A378BA4","24400952","points_program_fragment.xml",1684,31743,"358",""
As you can see first column is SHA1 hash code of specific app. 如您所见,第一列是特定应用程序的SHA1哈希码。 My ultimate goal is to get all installed apps signatures, ie SHA1 hash code to compare them with database and see which apps are harmful. 我的最终目标是获取所有已安装的应用程序签名,即SHA1哈希码,以将其与数据库进行比较,并查看哪些应用程序有害。
I spend some time for browsing the net. 我花一些时间浏览网络。 I came up with solution for my own app: https://gist.github.com/scottyab/b849701972d57cf9562e However, this returns only your app SHA1 hash code. 我为自己的应用程序提出了解决方案: https : //gist.github.com/scottyab/b849701972d57cf9562e但是,这仅返回您的应用程序SHA1哈希码。
For example, in this way I can get all application packages names: 例如,通过这种方式,我可以获得所有应用程序包的名称:
List<ApplicationInfo> packages = pm.getInstalledApplications(PackageManager.GET_META_DATA);
Maybe there is possibility to get all installed apps signatures? 也许有可能获得所有已安装的应用程序签名? Let me know. 让我知道。
1 个解决方案
解决方案1
0 2017-09-24 13:52:57
You should do like this: 您应该这样做:
void printSampleSha1List(Context ctx) {
List<ApplicationInfo> packages = ctx.getPackageManager().getInstalledApplications(PackageManager.GET_META_DATA);
for (int i = 0; i < packages.size(); ++i) {
PackageInfo packageInfo = null;
try {
packageInfo = ctx.getPackageManager().getPackageInfo(
packages.get(i).packageName, PackageManager.GET_SIGNATURES);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
if (packageInfo != null) {
for (Signature signature : packageInfo.signatures) {
// SHA1 the signature
String sha1 = getSHA1(signature.toByteArray());
Log.i("Sha1", "name:" + packages.get(i).packageName + ", " + sha1);
//note sample just checks the first signature
break;
}
}
}
}
public static String getSHA1(byte[] sig) {
MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("SHA1", "BC");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
digest.update(sig);
byte[] hashtext = digest.digest();
return bytesToHex(hashtext);
}
//util method to convert byte array to hex string
public static String bytesToHex(byte[] bytes) {
final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F'};
char[] hexChars = new char[bytes.length * 2];
int v;
for (int j = 0; j < bytes.length; j++) {
v = bytes[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
This will give you a list of SHA1 of signatures of all the packets on the device. 这将为您提供设备上所有数据包的签名的SHA1签名列表。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.