Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/xxxyanchenxxx/SigKill
一键绕过App签名验证
https://github.com/xxxyanchenxxx/SigKill
Last synced: about 1 month ago
JSON representation
一键绕过App签名验证
- Host: GitHub
- URL: https://github.com/xxxyanchenxxx/SigKill
- Owner: xxxyanchenxxx
- Created: 2017-12-11T07:51:59.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-03-24T06:59:43.000Z (over 6 years ago)
- Last Synced: 2024-05-31T09:39:41.647Z (4 months ago)
- Language: Smali
- Homepage:
- Size: 4.05 MB
- Stars: 240
- Watchers: 9
- Forks: 78
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - xxxyanchenxxx/SigKill - 一键绕过App签名验证 (Smali)
README
# SigKill
一键绕过App签名验证。实现原理是Hook了PackaegManager,返回我们指定的签名。
## Demo效果:
可以看到,第一次打印出的是真正的signatuer,后面经过hook后,就变了.....
## 如何使用,分成3步
首先将Libs/smali_lib中的代码复制到目标App的smali目录中,这步就不计入第一步了吧。
然后,
第一步:使用"Libs/签名获取.apk"获取到APK的真正签名信息,如下图
第二步:复制上一步的字符串并替换掉"Libs/smali/com/yc/pm/SignatureFake.smali"中的字符串:
```java
.method private static getSigStr()Ljava/lang/String;
.locals 1
.prologue
.line 14
const-string/jumbo v0, "48,-126,2,-21,48,-126,2,84,-96,3,2,1,2,2,4,77,54,-9,-92,48,13,.......
return-object v0
.end method
```
第三步:在App的Application的attachBaseContext()函数中调用这行smali代码即可,smali:
```java
invoke-static {}, Lcom/yc/pm/SignatureKill;->kill()V
```