CertificateToolsHP Version 1.0

Extensions
#1

CertificateToolsHP Version 1.0 .

As my HackProtect extension is getting very large, I am releasing some of the functions as standalone extensions. CertificateToolsHP provides you three different certificate analysis functions on you APK to make sure it has not been cloned, patched, or hacked and resigned.

Blocks

image
image.png914×470 37.8 KB

Instructions

If your app/APK is modified after it is released, it has to be resigned.

Just before you are about to publish, create a label and use the WhatIsSig block like the example below. Download the APK, run the app on an emulator or a device. The easiest way to do this (Thank you @Kanishka_Developer) is to use the Device Tools copy ClipBoard function

image
image.png1268×230 74 KB

Move back to Creator, and paste that ID into the APKSig block. This will check what you entered and the signature returned at run time. They should match. This is a boolean True/False.

image
image.png1276×132 17.2 KB

Now you can use that APKSig block to test to make sure the signature at runtime matches the one you expect it to be. Don’t use this method when using Google Play App Signing since Google removes the original signature and add another one, so this method will fail. . Here is an example of it in use. You want to do something more graceful of course.

image
image.png1498×216 26.9 KB

The IsAppCertificateDebug block checks if the app certificate is in debug. This should not occur when you export from App Invetor builders, so this is a bad thing if it happens. This is a boolean True/False.

image
image.png772×88 9.33 KB

You can use it like above.

The NumberOfAppCertificates block checks to see if there is more than one signature on the apk. Your app should not be signed more than once, and if it is, it could be patched. This is a boolean True/False. True means there is more than one certificate and that is probably bad.

image
image.png814×94 9.64 KB

Download

CertificateToolsHP.aix (12.4 KB)

13 Likes
Lucky Patcher In-App purchase hack bypass
UPDATE 4.1: HackProtect Extension (No Permissions Needed) - Better Emulator Detection
#2

Could you provide a sample APK that demonstrates the functionality? :slight_smile:

Why not directly call to Clipboard.Copy from Device Tools?

2 Likes
#3

Because then you need to add more blocks, however that is a really good idea.

I like it @Kanishka_Developer

#4

Actually no. Instead of adding a Label component, add Device Tools. Same number of blocks, less effort.

1 Like
#5

Feel free to paste an example of those blocks, and I will change the description with credits!

#6

Screenshot_Chrome_Dev_20190531-210122

This is a better way to do it. It’s much faster, and less labour intensive than manually copying a label. Make your device work for you. Automate. :wink:

2 Likes
#7

I guess for extra security you can use the obfuscate text block to store the apksig value?

1 Like
#8

Yes @Peter. That is suggested in the description of the block!

3 Likes
#9

Device Tools

2 Likes
#10

how to safe my app from apkeditor and clone

2 Likes
#11

Thank you :heart_eyes:

1 Like
#12

If we upload our app on google playstore and use WhatIsSig so this will return google play apksig. after this can we use that google play apksig in our app?

#13

the link is broken ,I would really appreciate it if you posted a valid one

1 Like
#14

@cian is no longer an active user on the community. Please find another extension.

1 Like