CertificateToolsHP Version 1.0

CertificateToolsHP Version 1.0 .

As my HackProtect extension is getting very large, I am releasing some of the functions as standalone extensions. CertificateToolsHP provides you three different certificate analysis functions on you APK to make sure it has not been cloned, patched, or hacked and resigned.

Blocks

Instructions

If your app/APK is modified after it is released, it has to be resigned.

Just before you are about to publish, create a label and use the WhatIsSig block like the example below. Download the APK, run the app on an emulator or a device. The easiest way to do this (Thank you @Kanishka_Developer) is to use the Device Tools copy ClipBoard function

Move back to Creator, and paste that ID into the APKSig block. This will check what you entered and the signature returned at run time. They should match. This is a boolean True/False.

Now you can use that APKSig block to test to make sure the signature at runtime matches the one you expect it to be. Don’t use this method when using Google Play App Signing since Google removes the original signature and add another one, so this method will fail. . Here is an example of it in use. You want to do something more graceful of course.

The IsAppCertificateDebug block checks if the app certificate is in debug. This should not occur when you export from App Invetor builders, so this is a bad thing if it happens. This is a boolean True/False.

You can use it like above.

The NumberOfAppCertificates block checks to see if there is more than one signature on the apk. Your app should not be signed more than once, and if it is, it could be patched. This is a boolean True/False. True means there is more than one certificate and that is probably bad.

Download

CertificateToolsHP.aix (12.4 KB)

10 Likes

Could you provide a sample APK that demonstrates the functionality? :slight_smile:

Why not directly call to Clipboard.Copy from Device Tools?

2 Likes

Because then you need to add more blocks, however that is a really good idea.

I like it @Kanishka_Developer

Actually no. Instead of adding a Label component, add Device Tools. Same number of blocks, less effort.

1 Like

Feel free to paste an example of those blocks, and I will change the description with credits!

Screenshot_Chrome_Dev_20190531-210122

This is a better way to do it. It’s much faster, and less labour intensive than manually copying a label. Make your device work for you. Automate. :wink:

2 Likes

I guess for extra security you can use the obfuscate text block to store the apksig value?

1 Like

Yes @Peter. That is suggested in the description of the block!

2 Likes

Device Tools

2 Likes

how to safe my app from apkeditor and clone