NDK application Signature Check

Question

I have some security key in an application. I want to store it securly. I like to store it in a native shared library (maybe generated from some code). After that I want it to b

Answer 1

I will try to answer your first question here:

Signature of your application is stored in the DEX(Dalvik executable) file of your APK. DEX files have following structure:

1. Header
2. Data section(contains strings, code instructions, fields, etc)
3. Arrays of method identifiers, class identifiers, etc

So, this is the beginning of the header of DEX file:

1. DEX_FILE_MAGIC constant - ubyte[8]
2. Adler-32 checksum of your application(except DEX_FILE_MAGIC and checksum itself) - uint
3. SHA-1 signature of your application(except of DEX_FILE_MAGIC, checksum and hash itself) - ubyte[20]

So, to calk a signature of your apk, you should compute SHA-1 signature of your DEX file starting from the offset 32.

To get access to DEX file of your apk from native code, you can read process memory, which is stored in /proc/self/maps:

FILE *fp;
fp = fopen("/proc/self/maps", "r");

Each row in proc/$ID/maps file has following structure:

1. address
2. permissions
3. offset
4. device
5. inode
6. pathname

Here you can find a better description of proc/$ID/maps file's structure: Understanding Linux /proc/id/maps

To detect location of DEX file in process memory you should check out 'pathname' column in every row of your proc/self/maps file. When the row corresponding to DEX file will be found, you should get starting and ending addresses of the DEX file region:

while (fgets(line, 2048, fp) != NULL) {
    // search for '.dex'
    if (strstr(line, ".dex") != NULL) {
        // get starting and ending addresses of the DEX file region

So, when you will have starting and ending addresses of your apk's bytecode, you will be able to compute signature of your apk.