[英]Android - get list of installed apps signatures
因此,我使用NIST為Android手機提供的數據庫來檢測惡意應用程序。 主要源/數據庫如下所示:
"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"0000000F8527DCCAB6642252BBCFA1B8072D33EE","68CE322D8A896B6E4E7E3F18339EC85C","E39149E4","Blended_Coolers_Vanilla_NL.png",30439,28948,"358",""
"00000091728653B7D55DF30BFAFE86C52F2F4A59","81AE5D302A0E6D33182CB69ED791181C","5594C3B0","ic_menu_notifications.png",366,31287,"358",""
"0000065F1900120613745CC5E25A57C84624DC2B","AEB7C147EF7B7CEE91807B500A378BA4","24400952","points_program_fragment.xml",1684,31743,"358",""
如您所見,第一列是特定應用程序的SHA1哈希碼。 我的最終目標是獲取所有已安裝的應用程序簽名,即SHA1哈希碼,以將其與數據庫進行比較,並查看哪些應用程序有害。
我花一些時間瀏覽網絡。 我為自己的應用程序提出了解決方案: https : //gist.github.com/scottyab/b849701972d57cf9562e但是,這僅返回您的應用程序SHA1哈希碼。
例如,通過這種方式,我可以獲得所有應用程序包的名稱:
List<ApplicationInfo> packages = pm.getInstalledApplications(PackageManager.GET_META_DATA);
也許有可能獲得所有已安裝的應用程序簽名? 讓我知道。
您應該這樣做:
void printSampleSha1List(Context ctx) {
List<ApplicationInfo> packages = ctx.getPackageManager().getInstalledApplications(PackageManager.GET_META_DATA);
for (int i = 0; i < packages.size(); ++i) {
PackageInfo packageInfo = null;
try {
packageInfo = ctx.getPackageManager().getPackageInfo(
packages.get(i).packageName, PackageManager.GET_SIGNATURES);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
if (packageInfo != null) {
for (Signature signature : packageInfo.signatures) {
// SHA1 the signature
String sha1 = getSHA1(signature.toByteArray());
Log.i("Sha1", "name:" + packages.get(i).packageName + ", " + sha1);
//note sample just checks the first signature
break;
}
}
}
}
public static String getSHA1(byte[] sig) {
MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("SHA1", "BC");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
digest.update(sig);
byte[] hashtext = digest.digest();
return bytesToHex(hashtext);
}
//util method to convert byte array to hex string
public static String bytesToHex(byte[] bytes) {
final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F'};
char[] hexChars = new char[bytes.length * 2];
int v;
for (int j = 0; j < bytes.length; j++) {
v = bytes[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
這將為您提供設備上所有數據包的簽名的SHA1簽名列表。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.