SwissBitcoinPay / app

diffs in verification attempt #107

Open xrviv opened 2 months ago

xrviv commented 2 months ago

Thanks to your latest update, we were able to build version 2.1.1 and conduct verification on the reproducibility of the app.

We integrated the Dockerfile contents with WalletScrutiny's scripts and managed to find diffs:

===== Begin Results =====
appId:          ch.swissbitcoinpay.checkout
signer:         17d9c0bf025008da16d5a146e1beaca6ddcfe3cb0cf063da23c847d3007eb621
apkVersionName: 2.1.1
apkVersionCode: 381
verdict:        
appHash:        62df7d225d6178688f451604552fb5d79525a257ac59e281f0c02f4c96e4d343
commit:         b350085a6f30027a83a8fdb18b73c5aed073cc97

Diff:
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/AndroidManifest.xml and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/AndroidManifest.xml differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/assets/index.android.bundle and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/assets/index.android.bundle differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_bitcoinwhiteborder.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_bitcoinwhiteborder.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcardblack.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcardblack.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcard.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_boltcard.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_logosquarerounded.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/drawable-mdpi-v4/src_assets_images_logosquarerounded.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/res/mipmap-hdpi-v4/ic_launcher_adaptive_fore.png and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/res/mipmap-hdpi-v4/ic_launcher_adaptive_fore.png differ
Files /tmp/fromPlay_ch.swissbitcoinpay.checkout_381/resources.arsc and /tmp/fromBuild_ch.swissbitcoinpay.checkout_381/resources.arsc differ
Only in /tmp/fromPlay_ch.swissbitcoinpay.checkout_381: stamp-cert-sha256

Revision, tag (and its signature):

===== End Results =====

I have yet to perform an analysis on these results. Here is the related merge request on WalletScrutiny's GitLab. Next, I will try to do the same for split APKs.

xrviv commented 2 months ago

This is the analysis for the split APKs:

https://gitlab.com/walletscrutiny/walletScrutinyCom/-/blob/5264d394f4f411271b808f0f553c12c6c94f94da/_android/ch.swissbitcoinpay.checkout.md