How to check apk signature at runtime xamarin.forms

Hello guys, I am trying to implement anti-tamper protection and verify the app signature in a Xamarin.Forms Android app. Currently I am using this code:

    var context = Android.App.Application.Context;
    Signature sigs = context.PackageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures).Signatures[0];

    DisplayAlert("sigs.ToString()", sigs.ToString(), "ok");   // android.content.pm.Signature@4f55acdf
    DisplayAlert("sigs.GetHashCode().ToString()", sigs.GetHashCode().ToString(), "ok");  // 1331014879

sigs.GetHashCode().ToString() returns 1331014879
sigs.ToString() returns android.content.pm.Signature@4f55acdf

But I think I may be doing it wrong. Is this the correct way to verify an Android app signature at runtime? Otherwise, please provide me code and guidance. Thanks.

If API 28 or higher, you should check for multipleSigners as well, like in this thread: How to use PackageInfo.GET_SIGNING_CERTIFICATES in API 28?

Here is the Xamarin.Android code.

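        using System.Security.Cryptography;
        using System.Text;
        using Android.Content.PM;

        // Returns the upper-case hex SHA-1 digest of the first signing certificate,
        // or an empty string if the package reports no signatures.
        public string Sig_Hash()
        {
            var Context = Android.App.Application.Context;

            foreach (Android.Content.PM.Signature signature in Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures).Signatures)
            {
                using (SHA1Managed sha1 = new SHA1Managed())
                {
                    // Hash the raw certificate bytes and hex-encode the digest.
                    var hash = sha1.ComputeHash(signature.ToByteArray());
                    var sb = new StringBuilder(hash.Length * 2);
                    foreach (byte b in hash)
                    {
                        sb.Append(b.ToString("X2"));
                    }
                    // Only the first signature is used.
                    return sb.ToString();
                }
            }
            return "";
        }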

Thx @Leon Lu. Just a little update on this:

        using System.Linq;
        using System.Security.Cryptography;
        using System.Text;
        using Android.Content.PM;
        using Android.OS;

        public string GetSha1()
        {
            var Context = Android.App.Application.Context;

            if (Build.VERSION.SdkInt >= BuildVersionCodes.P)
            {
                // API 28+: read the signing certificates through SigningInfo.
                PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.SigningCertificates);
                if (packageInfo == null || packageInfo.SigningInfo == null)
                    return string.Empty;

                // The history is null when the APK has multiple signers, hence the null-conditional.
                var signature = packageInfo.SigningInfo.GetSigningCertificateHistory()?.FirstOrDefault();
                if (signature != null)
                {
                    return SignatureDigest(signature);
                }
            }
            else
            {
                // Before API 28: fall back to the legacy Signatures array.
                PackageInfo packageInfo = Context.PackageManager.GetPackageInfo(Context.PackageName, PackageInfoFlags.Signatures);
                if (packageInfo == null || packageInfo.Signatures == null)
                    return string.Empty;

                var signature = packageInfo.Signatures.FirstOrDefault();
                if (signature != null)
                    return SignatureDigest(signature);
            }
            return string.Empty;
        }

        // Upper-case hex SHA-1 digest of the certificate bytes.
        // Named SignatureDigest to match the calls above (it was declared as SignatureHexa).
        private static string SignatureDigest(Android.Content.PM.Signature signature)
        {
            using (SHA1Managed sha1 = new SHA1Managed())
            {
                var hash = sha1.ComputeHash(signature.ToByteArray());
                var sb = new StringBuilder(hash.Length * 2);
                foreach (byte b in hash)
                {
                    sb.Append(b.ToString("X2"));
                }
                return sb.ToString();
            }
        }

For me, my app is signed by Google Play, so I don't need multiple signatures.

But if you need to check multiple signers:

        if (packageInfo.SigningInfo.HasMultipleSigners)
        {
            foreach (Signature signature in packageInfo.SigningInfo.GetApkContentsSigners())
            {
                // Do stuff
                SignatureDigest(signature);
            }
        }
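
The answers above compute a digest but stop before the comparison that makes it a tamper check. The following is an added example, not code from the original posts: it collects the current signer certificate(s) on both API paths and requires every one of them to match a pinned fingerprint. The class name `SignatureCheck`, the `Pinned` set and the all-zero fingerprint are hypothetical placeholders, and it uses SHA-256 instead of the SHA-1 used above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using Android.Content.PM;
using Android.OS;

public static class SignatureCheck   // hypothetical helper class
{
    // Constructed placeholder: replace with the SHA-256 fingerprint(s) of your release certificate.
    static readonly HashSet<string> Pinned = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "0000000000000000000000000000000000000000000000000000000000000000"
    };

    static string Sha256Hex(Signature sig)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(sig.ToByteArray())).Replace("-", "");
    }

    // Certificates that sign the installed APK right now.
    static IEnumerable<Signature> CurrentSigners()
    {
        var ctx = Android.App.Application.Context;
        if (Build.VERSION.SdkInt >= BuildVersionCodes.P)
        {
            var info = ctx.PackageManager.GetPackageInfo(ctx.PackageName, PackageInfoFlags.SigningCertificates)?.SigningInfo;
            if (info == null) return Enumerable.Empty<Signature>();
            // Multiple signers: the history is null, so every content signer is checked.
            // Single signer: the history is ordered oldest first, the current certificate is last.
            if (info.HasMultipleSigners)
                return info.GetApkContentsSigners() ?? new Signature[0];
            var history = info.GetSigningCertificateHistory();
            return history == null || history.Length == 0 ? new Signature[0] : new[] { history[history.Length - 1] };
        }
        var legacy = ctx.PackageManager.GetPackageInfo(ctx.PackageName, PackageInfoFlags.Signatures)?.Signatures;
        return legacy ?? Enumerable.Empty<Signature>();
    }

    // True only if at least one signer was found and every signer is pinned.
    public static bool IsSignedByPinnedCertificate()
    {
        var digests = CurrentSigners().Select(Sha256Hex).ToList();
        return digests.Count > 0 && digests.All(Pinned.Contains);
    }
}
```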
