[android-developers] Re: Browse .apk structure on android phone and compute file digest
I'm also interested in the possibility of accessing at least CERT.RSA or CERT.SF from META_INF to compare digests from that file with my own ones. Or may be there is another way to detect repacking of your APK and signing it with non-original certificate. Any ideas? On Oct 5, 9:16 am, petr.maza...@mautilus.com petr.maza...@mautilus.com wrote: How the .apk installation process works on device? Is the .apk file just copied to some place and kind of installer application extracts the application information, register somehow the application to environment, extract also the icon and put it on the application launch screen? Or the .apk content is extracted and files are copied to various folders and the .apk file itself is deleted? I am asking to understand if there is any possibility on device to browse the .apk file structure and its content and access in read-only mode directly the assets, res folders, AndroidManifest.xml, the dex file and also used libraries (.jar or .so)? The reason I am asking is that I am looking for possibility to read into memory .dex, .jar or .so files like arbitrary binary files (e.g. by using the `File` class) for the purpose of computing a message digest from its content (i.e. using md5 or other hash method)... BR STeN -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Browse .apk structure on android phone and compute file digest
OK, The apk file is not unpacked after installation, it stored as is inside android either in internal memory or on SD-card in android- secure directory. Here is the code that I wrote to access the CERT.RSA file from inside the application. It seems that this is the only way, but maybe I'm wrong. private void checkAPK() { String path = this.getApplication().getPackageCodePath(); try { ZipFile zfile = new ZipFile(path); ZipEntry zentry = zfile.getEntry(META-INF/CERT.RSA); long siz = zentry.getSize(); byte[] buf=new byte[(int) siz]; InputStream istream = zfile.getInputStream(zentry); int ret = istream.read(buf); istream.close(); //process buf contents here } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); } } On Oct 5, 11:48 am, petr.maza...@mautilus.com petr.maza...@mautilus.com wrote: How the .apk installation process works on device? Is the .apk file just copied to some place and kind of installer application extracts the application information, register somehow the application to environment, extract also the icon and put it on the application launch screen? Or the .apk content is extracted and files are copied to various folders and the .apk file itself is deleted? I am asking to understand if there is any possibility on device to browse the .apk file structure and its content and access in read-only mode directly the assets, res folders, AndroidManifest.xml, the dex file and also used libraries (.jar or .so)? The reason I am asking is that I am looking for possibility to read into memory .dex, .jar or .so files like arbitrary binary files (e.g. by using the `File` class) for the purpose of computing a message digest from its content (i.e. using md5 or other hash method)... BR STeN -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Browse .apk structure on android phone and compute file digest
On Wed, Oct 5, 2011 at 5:06 PM, Leo leonidthek...@gmail.com wrote: OK, The apk file is not unpacked after installation, it stored as is inside android either in internal memory or on SD-card in android- secure directory. Here is the code that I wrote to access the CERT.RSA file from inside the application. It seems that this is the only way, but maybe I'm wrong. An APK is a JAR file, you should use JarFile/JarEntry. JarEntry gives you the signing certificates as well: http://download.oracle.com/javase/6/docs/api/java/util/jar/JarEntry.html#getCertificates%28%29 -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en