CertificateToolsHP Version 1.0

cian · May 31, 2019, 2:17pm

CertificateToolsHP Version 1.0 .

As my HackProtect extension is getting very large, I am releasing some of the functions as standalone extensions. CertificateToolsHP provides you three different certificate analysis functions on you APK to make sure it has not been cloned, patched, or hacked and resigned.

Blocks

Instructions

If your app/APK is modified after it is released, it has to be resigned.

Just before you are about to publish, create a label and use the WhatIsSig block like the example below. Download the APK, run the app on an emulator or a device. The easiest way to do this (Thank you @Kanishka_Developer) is to use the Device Tools copy ClipBoard function

Move back to Creator, and paste that ID into the APKSig block. This will check what you entered and the signature returned at run time. They should match. This is a boolean True/False.

Now you can use that APKSig block to test to make sure the signature at runtime matches the one you expect it to be. Don’t use this method when using Google Play App Signing since Google removes the original signature and add another one, so this method will fail. . Here is an example of it in use. You want to do something more graceful of course.

The IsAppCertificateDebug block checks if the app certificate is in debug. This should not occur when you export from App Invetor builders, so this is a bad thing if it happens. This is a boolean True/False.

You can use it like above.

The NumberOfAppCertificates block checks to see if there is more than one signature on the apk. Your app should not be signed more than once, and if it is, it could be patched. This is a boolean True/False. True means there is more than one certificate and that is probably bad.

Download

CertificateToolsHP.aix (12.4 KB)

Kanishka_Developer · May 31, 2019, 2:58pm

Could you provide a sample APK that demonstrates the functionality?

Why not directly call to Clipboard.Copy from Device Tools?

cian · May 31, 2019, 3:07pm

Because then you need to add more blocks, however that is a really good idea.

I like it @Kanishka_Developer

Kanishka_Developer · May 31, 2019, 3:12pm

Actually no. Instead of adding a Label component, add Device Tools. Same number of blocks, less effort.

cian · May 31, 2019, 3:23pm

Feel free to paste an example of those blocks, and I will change the description with credits!

Kanishka_Developer · May 31, 2019, 3:33pm

Screenshot_Chrome_Dev_20190531-210122

This is a better way to do it. It’s much faster, and less labour intensive than manually copying a label. Make your device work for you. Automate.

Peter · May 31, 2019, 3:33pm

I guess for extra security you can use the obfuscate text block to store the apksig value?

cian · May 31, 2019, 3:34pm

Yes @Peter. That is suggested in the description of the block!

Kanishka_Developer · May 31, 2019, 3:52pm

Device Tools

mrronock · July 1, 2019, 7:57pm

how to safe my app from apkeditor and clone

Ottoman · May 31, 2020, 2:43am

Thank you

Ottoman · June 27, 2020, 6:36am

If we upload our app on google playstore and use WhatIsSig so this will return google play apksig. after this can we use that google play apksig in our app?

hades · January 21, 2021, 8:59am

the link is broken ,I would really appreciate it if you posted a valid one

hammerhai · January 21, 2021, 5:14pm

@cian is no longer an active user on the community. Please find another extension.

kyrillos_Morgan · August 29, 2024, 1:16am

Hi, I tried to download the extension but it seems that the file is missing, can you reupload the file?