Android - get list of installed apps signatures
Question
So, Im using NIST provided database for android phones to detect malicious applications. The main source/database is looking like this:
"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"0000000F8527DCCAB6642252BBCFA1B8072D33EE","68CE322D8A896B6E4E7E3F18339EC85C","E39149E4","Blended_Coolers_Vanilla_NL.png",30439,28948,"358",""
"00000091728653B7D55DF30BFAFE86C52F2F4A59","81AE5D302A0E6D33182CB69ED791181C","5594C3B0","ic_menu_notifications.png",366,31287,"358",""
"0000065F1900120613745CC5E25A57C84624DC2B","AEB7C147EF7B7CEE91807B500A378BA4","24400952","points_program_fragment.xml",1684,31743,"358",""
As you can see first column is SHA1 hash code of specific app. My ultimate goal is to get all installed apps signatures, ie SHA1 hash code to compare them with database and see which apps are harmful.
I spend some time for browsing the net. I came up with solution for my own app: https://gist.github.com/scottyab/b849701972d57cf9562e However, this returns only your app SHA1 hash code.
For example, in this way I can get all application packages names:
List<ApplicationInfo> packages = pm.getInstalledApplications(PackageManager.GET_META_DATA);
Maybe there is possibility to get all installed apps signatures? Let me know.
1 answers
solution1
0 2017-09-24 13:52:57
You should do like this:
void printSampleSha1List(Context ctx) {
List<ApplicationInfo> packages = ctx.getPackageManager().getInstalledApplications(PackageManager.GET_META_DATA);
for (int i = 0; i < packages.size(); ++i) {
PackageInfo packageInfo = null;
try {
packageInfo = ctx.getPackageManager().getPackageInfo(
packages.get(i).packageName, PackageManager.GET_SIGNATURES);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
if (packageInfo != null) {
for (Signature signature : packageInfo.signatures) {
// SHA1 the signature
String sha1 = getSHA1(signature.toByteArray());
Log.i("Sha1", "name:" + packages.get(i).packageName + ", " + sha1);
//note sample just checks the first signature
break;
}
}
}
}
public static String getSHA1(byte[] sig) {
MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("SHA1", "BC");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
digest.update(sig);
byte[] hashtext = digest.digest();
return bytesToHex(hashtext);
}
//util method to convert byte array to hex string
public static String bytesToHex(byte[] bytes) {
final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F'};
char[] hexChars = new char[bytes.length * 2];
int v;
for (int j = 0; j < bytes.length; j++) {
v = bytes[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
This will give you a list of SHA1 of signatures of all the packets on the device.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.