Android应用安全之运行环境检查
2015-07-20 10:47
525 查看
上文是关于运行时签名检查,这一节我们讨论运行时环境检查,一般我们应用被破解都是在调试模式下进行的,所以对于调试模式下的判断可以断了此路
首先Release版本debuggable的检查必须的,不能有debuggable存在于发布的产品中,这也是CTS的一部分。
其次,应用程序需要实时判断环境变化,使用模拟器或者已经破解了的手机(这个还没有好的办法,因为其可能改变系统属性)进行调试运行的判断,方法是利用java反射方法得到系统属性,进行判断
package com.example.signatureverify;
import java.io.File;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.Signature;
import android.util.Base64;
import android.util.Log;
public class SignedCertificate {
private static final boolean DEBUG = true;
private static final String SIGNATURE = "U3avmVG32YEX7gfDwfOuM4nvtFY=";
public static boolean checkAppSignature(Context context) {
try {
PackageInfo packageInfo = context.getPackageManager()
.getPackageInfo(context.getPackageName(),
PackageManager.GET_SIGNATURES);
Signature signature = packageInfo.signatures[0];
MessageDigest mDigest = MessageDigest.getInstance("SHA");
mDigest.update(signature.toByteArray());
final String currentSign = Base64.encodeToString(mDigest.digest(),
Base64.DEFAULT).trim();
if (DEBUG) {
Log.d("MYapp", "Sinature:" + currentSign);
}
if (SIGNATURE.equals(currentSign)) {
return true;
}
} catch (NameNotFoundException | NoSuchAlgorithmException e) {
e.printStackTrace();
}
return false;
}
private static String getSystemProp(String prop) throws Exception {
Class sysPropClazzClass = Class.forName("android.os.SystemProperties");
return (String) sysPropClazzClass.getMethod("get",
new Class[] { String.class }).invoke(sysPropClazzClass,
new Object[] { prop });
}
// 检查是否是在模拟器中运行
public static boolean checkEmulator() {
try {
boolean goldfish = getSystemProp("ro.hardware").contains("goldfish");
boolean emu = getSystemProp("ro.kernel.qemu").length() > 0;
boolean sdk = getSystemProp("ro.product.model").equals("sdk");
if (sdk || goldfish || emu) {
return true;
}
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
// 检查是否root
public static boolean isDeviceRooted () {
boolean ret = false;
String path = null;
Map<String,String> env = System.getenv();
if (env != null && (path = env.get("PATH")) != null) {
String [] dirs = path.split(":");
for (String dir : dirs){
String suPath = dir + "/" + "su";
File suFile = new File(suPath);
if (suFile != null && suFile.exists()) {
ret = true;
}
}
}
return ret;
}
//检查是否是debuggable的应用
public static boolean checkDebuggable(Context context){
return (context.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
}
}
首先Release版本debuggable的检查必须的,不能有debuggable存在于发布的产品中,这也是CTS的一部分。
其次,应用程序需要实时判断环境变化,使用模拟器或者已经破解了的手机(这个还没有好的办法,因为其可能改变系统属性)进行调试运行的判断,方法是利用java反射方法得到系统属性,进行判断
package com.example.signatureverify;
import java.io.File;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.Signature;
import android.util.Base64;
import android.util.Log;
public class SignedCertificate {
private static final boolean DEBUG = true;
private static final String SIGNATURE = "U3avmVG32YEX7gfDwfOuM4nvtFY=";
public static boolean checkAppSignature(Context context) {
try {
PackageInfo packageInfo = context.getPackageManager()
.getPackageInfo(context.getPackageName(),
PackageManager.GET_SIGNATURES);
Signature signature = packageInfo.signatures[0];
MessageDigest mDigest = MessageDigest.getInstance("SHA");
mDigest.update(signature.toByteArray());
final String currentSign = Base64.encodeToString(mDigest.digest(),
Base64.DEFAULT).trim();
if (DEBUG) {
Log.d("MYapp", "Sinature:" + currentSign);
}
if (SIGNATURE.equals(currentSign)) {
return true;
}
} catch (NameNotFoundException | NoSuchAlgorithmException e) {
e.printStackTrace();
}
return false;
}
private static String getSystemProp(String prop) throws Exception {
Class sysPropClazzClass = Class.forName("android.os.SystemProperties");
return (String) sysPropClazzClass.getMethod("get",
new Class[] { String.class }).invoke(sysPropClazzClass,
new Object[] { prop });
}
// 检查是否是在模拟器中运行
public static boolean checkEmulator() {
try {
boolean goldfish = getSystemProp("ro.hardware").contains("goldfish");
boolean emu = getSystemProp("ro.kernel.qemu").length() > 0;
boolean sdk = getSystemProp("ro.product.model").equals("sdk");
if (sdk || goldfish || emu) {
return true;
}
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
// 检查是否root
public static boolean isDeviceRooted () {
boolean ret = false;
String path = null;
Map<String,String> env = System.getenv();
if (env != null && (path = env.get("PATH")) != null) {
String [] dirs = path.split(":");
for (String dir : dirs){
String suPath = dir + "/" + "su";
File suFile = new File(suPath);
if (suFile != null && suFile.exists()) {
ret = true;
}
}
}
return ret;
}
//检查是否是debuggable的应用
public static boolean checkDebuggable(Context context){
return (context.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 