问题
I do check sum of classes.dex in native code as indicated here: Check .apk-signature in C/native Code
- Calculate checksum of classes.dex
- compare with hardcoded value - xxx
- if it's true, pass and go on
- if it's not true, exit the app
What I do is log the checksum value for the first build, then change the if (checksum == xxx) in native code to be the same as the logged value.
However, with using Dexguard, the checksum is different for every different build, means that if I change xxx, and generate the signed apk again, the check will always be false. I think Dexguard generate something random into the classes.dex that makes every build different.
Any ideas to get around this problem ? Thanks
回答1:
Every DEX file includes two checksums: an Adler32 and a SHA-1 signature. The former is used as a quick check for file corruption, the latter to uniquely identify the file contents. IIRC, the optimized (.odex) file updates the file checksum but retains the SHA-1 signature.
If your goal is to identify when the classes.dex contents have been changed by the build system, you should use the SHA-1. If you are attempting to create some sort of tamper-resistance, then you may need to change the way you go about embedding the checksum. For example, you could store it in an array of bytes that begins with a unique pattern, and just edit the file directly (recomputing the Adler32 afterward).
来源:https://stackoverflow.com/questions/31424581/checksum-value-of-classes-dex-keep-changing-with-dexguard-for-every-build