Android - Generate a token for accessing server resources
I am trying to generate a token at run time from the app's signing certificate and have the server verify that token before it grants access to resources. I don't want to store the token in an XML file, because it would be available to anyone who reverse-engineers the APK.
The code for generating the token is:
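/**
 * Returns this app's first signing certificate as a character string.
 *
 * <p>The value is {@code Signature.toCharsString()} of the first entry in the
 * {@code signatures} array that the package manager reports for this app's own package.
 *
 * <p>NOTE(review): the signing certificate ships inside every copy of the APK, so this value is
 * not a secret. A server that accepts it as an access token cannot distinguish the genuine app
 * from any other client that sends the same string; treat it as an identifier, not a credential.
 *
 * <p>NOTE(review): {@code PackageManager.GET_SIGNATURES} is deprecated since API level 28;
 * {@code GET_SIGNING_CERTIFICATES} with {@code PackageInfo.signingInfo} is the replacement.
 *
 * @return the encoded certificate, or {@code null} when the package lookup fails or reports no
 *     signatures
 */
public String getToken() {
    try {
        Signature[] sigs = context.getPackageManager()
                .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES)
                .signatures;
        // Check explicitly instead of relying on an exception from sigs[0].
        if (sigs == null || sigs.length == 0) {
            return null;
        }
        return sigs[0].toCharsString();
    } catch (PackageManager.NameNotFoundException | RuntimeException e) {
        // Best effort, as before: any lookup failure is reported to the caller as null.
        e.printStackTrace();
        return null;
    }
}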
The issue is that devices return different tokens for an APK signed with the same certificate, and I don't know why the token differs between devices.
All I want is to generate a token that is used to access web resources, without storing it in the APK, so that no one can obtain the token by decompiling the APK.
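You can store the token in C or C++ and add signature verification. Note that this only raises the effort needed: a string compiled into a native library and a validity flag kept on the client can still be read or patched, so the server should not treat the token alone as proof of a genuine client.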
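/**
 * Returns the first signing certificate of the calling app as a character string.
 *
 * <p>Looks up the package named by {@code context.getPackageName()} with
 * {@code PackageManager.GET_SIGNATURES} and encodes the first reported signature with
 * {@code Signature.toCharsString()}.
 *
 * <p>NOTE(review): the certificate is public information contained in the APK, so the returned
 * string identifies the signer but is not a secret.
 *
 * @param context the context whose package is inspected
 * @return the encoded certificate, or {@code null} if the package is not found or reports no
 *     signatures
 */
public static String getSignature(Context context) {
    try {
        PackageInfo packageInfo = context.getPackageManager()
                .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
        Signature[] signatures = packageInfo.signatures;
        // An absent or empty array would otherwise fail on signatures[0].
        if (signatures == null || signatures.length == 0) {
            return null;
        }
        return signatures[0].toCharsString();
    } catch (PackageManager.NameNotFoundException e) {
        e.printStackTrace();
    }
    return null;
}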
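/* Certificate string the running package is compared against; "singsing" is presumably a
 * stand-in for the real Signature.toCharsString() output. */
const char *app_signature = "singsing";

/* Set to 1 once the package's first signature matches an expected value. */
static int is_valid = 0;

/*
 * JNI entry point that repeats the Java-side lookup
 * context.getPackageManager().getPackageInfo(context.getPackageName(), GET_SIGNATURES)
 *        .signatures[0].toCharsString()
 * and sets is_valid when the result equals app_signature or app_j_s.
 *
 * env            JNI environment of the calling thread
 * thiz           receiver of the native method (unused)
 * context_object android.content.Context used for the lookup
 *
 * Returns nothing; on any failed step it returns early and leaves is_valid unchanged.
 *
 * NOTE(review): app_j_s is not declared in this listing; presumably a second accepted
 * signature defined elsewhere in the file.
 * NOTE(review): both the expected string and is_valid live in the client, so this check
 * raises the effort of tampering but is not a substitute for server-side verification.
 */
void Java_com_xxx_xxx_nativeInit(JNIEnv *env, jobject thiz, jobject context_object) {
    jclass context_class = (*env)->GetObjectClass(env, context_object);

    // context.getPackageManager()
    jmethodID methodId = (*env)->GetMethodID(env, context_class, "getPackageManager",
                                             "()Landroid/content/pm/PackageManager;");
    jobject package_manager_object = (*env)->CallObjectMethod(env, context_object, methodId);
    if (package_manager_object == NULL) {
        return;
    }

    // context.getPackageName()
    methodId = (*env)->GetMethodID(env, context_class, "getPackageName",
                                   "()Ljava/lang/String;");
    jstring package_name_string =
            (jstring)(*env)->CallObjectMethod(env, context_object, methodId);
    if (package_name_string == NULL) {
        return;
    }
    (*env)->DeleteLocalRef(env, context_class);

    // PackageManager.getPackageInfo(String, int)
    // public static final int GET_SIGNATURES = 0x00000040;
    jclass pack_manager_class = (*env)->GetObjectClass(env, package_manager_object);
    methodId = (*env)->GetMethodID(env, pack_manager_class, "getPackageInfo",
                                   "(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;");
    (*env)->DeleteLocalRef(env, pack_manager_class);
    jobject package_info_object = (*env)->CallObjectMethod(
            env, package_manager_object, methodId, package_name_string, 0x40);
    // getPackageInfo can throw; stop here and leave the exception pending for the Java caller
    // rather than making further JNI calls with an exception outstanding.
    if ((*env)->ExceptionCheck(env) || package_info_object == NULL) {
        return;
    }
    (*env)->DeleteLocalRef(env, package_manager_object);

    // PackageInfo.signatures[0]
    jclass package_info_class = (*env)->GetObjectClass(env, package_info_object);
    jfieldID fieldId = (*env)->GetFieldID(env, package_info_class, "signatures",
                                          "[Landroid/content/pm/Signature;");
    (*env)->DeleteLocalRef(env, package_info_class);
    jobjectArray signature_object_array =
            (jobjectArray)(*env)->GetObjectField(env, package_info_object, fieldId);
    // An empty array would make GetObjectArrayElement(…, 0) fail, so check the length first.
    if (signature_object_array == NULL
            || (*env)->GetArrayLength(env, signature_object_array) < 1) {
        return;
    }
    jobject signature_object =
            (*env)->GetObjectArrayElement(env, signature_object_array, 0);
    (*env)->DeleteLocalRef(env, package_info_object);
    if (signature_object == NULL) {
        return;
    }

    // Signature.toCharsString()
    jclass signature_class = (*env)->GetObjectClass(env, signature_object);
    methodId = (*env)->GetMethodID(env, signature_class, "toCharsString",
                                   "()Ljava/lang/String;");
    (*env)->DeleteLocalRef(env, signature_class);
    jstring signature_jstring =
            (jstring)(*env)->CallObjectMethod(env, signature_object, methodId);
    if (signature_jstring == NULL) {
        return;
    }

    const char *sign = (*env)->GetStringUTFChars(env, signature_jstring, NULL);
    if (sign == NULL) {
        // GetStringUTFChars failed; nothing to compare.
        return;
    }
    if (strcmp(sign, app_signature) == 0 || strcmp(sign, app_j_s) == 0) {
        is_valid = 1;
    }
    // Every GetStringUTFChars must be paired with a release, otherwise the buffer leaks.
    (*env)->ReleaseStringUTFChars(env, signature_jstring, sign);
    return;
}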