Android - 获取已安装的应用程序签名列表

时间:2017-09-24 13:23:57

标签: java android security

所以,我使用NIST为Android手机提供的数据库来检测恶意应用程序。主要来源/数据库看起来像这样:

"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"0000000F8527DCCAB6642252BBCFA1B8072D33EE","68CE322D8A896B6E4E7E3F18339EC85C","E39149E4","Blended_Coolers_Vanilla_NL.png",30439,28948,"358",""
"00000091728653B7D55DF30BFAFE86C52F2F4A59","81AE5D302A0E6D33182CB69ED791181C","5594C3B0","ic_menu_notifications.png",366,31287,"358",""
"0000065F1900120613745CC5E25A57C84624DC2B","AEB7C147EF7B7CEE91807B500A378BA4","24400952","points_program_fragment.xml",1684,31743,"358",""

正如您所看到的,第一列是特定应用的SHA1哈希码。我的最终目标是获取所有已安装的应用程序签名,即SHA1哈希代码,以便将它们与数据库进行比较,并查看哪些应用程序有害。

我花了一些时间浏览网络。我想出了我自己的应用程序的解决方案: https://gist.github.com/scottyab/b849701972d57cf9562e 但是,这会返回仅您的应用SHA1 哈希码。

例如,通过这种方式,我可以获得所有应用程序包名称:

List<ApplicationInfo> packages = pm.getInstalledApplications(PackageManager.GET_META_DATA);

也许有可能获得所有已安装的应用程序签名?请告诉我。

1 个答案:

答案 0 :(得分:0)

你应该这样做:

void printSampleSha1List(Context ctx) {

    List<ApplicationInfo> packages = ctx.getPackageManager().getInstalledApplications(PackageManager.GET_META_DATA);
    for (int i = 0; i < packages.size(); ++i) {
        PackageInfo packageInfo = null;
        try {
            packageInfo = ctx.getPackageManager().getPackageInfo(
                    packages.get(i).packageName, PackageManager.GET_SIGNATURES);
        } catch (PackageManager.NameNotFoundException e) {
            e.printStackTrace();
        }
        if (packageInfo != null) {
            for (Signature signature : packageInfo.signatures) {
                // SHA1 the signature
                String sha1 = getSHA1(signature.toByteArray());

                Log.i("Sha1", "name:" + packages.get(i).packageName + ", " + sha1);
                //note sample just checks the first signature
                break;
            }
        }
    }

}

public static String getSHA1(byte[] sig) {
    MessageDigest digest = null;
    try {
        digest = MessageDigest.getInstance("SHA1", "BC");
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (NoSuchProviderException e) {
        e.printStackTrace();
    }
    digest.update(sig);
    byte[] hashtext = digest.digest();
    return bytesToHex(hashtext);
}

//util method to convert byte array to hex string
public static String bytesToHex(byte[] bytes) {
    final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
            '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    char[] hexChars = new char[bytes.length * 2];
    int v;
    for (int j = 0; j < bytes.length; j++) {
        v = bytes[j] & 0xFF;
        hexChars[j * 2] = hexArray[v >>> 4];
        hexChars[j * 2 + 1] = hexArray[v & 0x0F];
    }
    return new String(hexChars);
}

这将为您提供设备上所有数据包签名的SHA1列表。

相关问题
最新问题