DimaKoz / stunning-signature

Native Signature Verification For Android (with example)
MIT License

there's a simpler way to do it #8

Closed Haoxiqiang closed 7 months ago

Haoxiqiang commented 5 years ago

I suggest getting the PM from native code; it can do the same thing. Replace getPackageInfo(package, 0)[0] with env->GetMethodID(cz_pm,"getPackageInfo","(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;" more ...

emileb commented 5 years ago

I think the point is to avoid having any Java in the chain as it can be easily intercepted.

Pecana commented 3 years ago

> I suggest getting the PM from native code; it can do the same thing. Replace getPackageInfo(package, 0)[0] with env->GetMethodID(cz_pm,"getPackageInfo","(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;" more ...

This is not secure; it can be easily hooked.

Haoxiqiang commented 3 years ago

Yeah, in fact, they are no different. I don't know how to avoid the hook.