Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PackageSignatures from adb shell dumpsys

I would like to know what exactly means the hashes from the field PackageSignatures when you obtain it with

adb shell dumpsys package com.myapp

for a given installed app.

I see two hashes:

signatures=PackageSignatures{abcabca [xyzxyzxy]}

The first one (abc) is different in each installation. The second one (xyz) is fixed for a given apk.

Moreover, I would like to know whether the second one has any relationship with the public signature of the APK. I have several apks with the same public signature, but the second hash is different. Is that normal?

like image 381
Fran J Martínez Avatar asked Nov 07 '18 14:11

Fran J Martínez


1 Answers

The signatures line on a recent Android version looks as follows:

signatures=PackageSignatures{9122424 version:2, signatures:[bbb2e2d2], past signatures:[]}

To understand this line we just have to look into the AOSP source code: PackageSignatures.java

First part

The first part abcabca comes from System.identityHashCode(this). Hence it generated the Java hashcode fro the current PackageSignatures instance. As this class has only one filed PackageParser.SigningDetails mSigningDetails; the hash code totally depends on the fields of the class SigningDetails:

  • Signature[] signatures;
  • int signatureSchemeVersion;
  • ArraySet publicKeys;

Version part (newer Android versions)

Your used Android version seems to be a bit old, as nowadays the second part is the signatureSchemeVersion - at the moment there are three signature schemes known: V1 (jarsigner), v2 and v3.

Third part (signatures)

The signatures you are interested in is generated by the following code:

Integer.toHexString(mSigningDetails.signatures[i].hashCode())

Where signatures[i] is an instance of the class [android.content.pm.Signature](https://github.com/aosp-mirror/platform_frameworks_base/blob/master/core/java/android/content/pm/Signature.java ).

The hashCode() is defined in this class to be generated by Arrays.hashCode(mSignature); where mSignature is a byte array that seem to contain the encoded version of the used X.509 signature certificate. Alternatively the raw byte[] can be supplied, hence it is difficult to tell the concrete content.

But from my understanding on your device this part should be directly linked to the signature of the APK file.

like image 124
Robert Avatar answered Nov 15 '22 01:11

Robert