Fix signature check

2021-05-06 20:51:10 +08:00 · 2021-05-06 20:51:10 +08:00 · 5280b740f5
parent 38d78341da
commit 5280b740f5
2 changed files with 61 additions and 50 deletions
--- a/TMessagesProj/src/main/java/org/telegram/messenger/ApplicationLoader.java
+++ b/TMessagesProj/src/main/java/org/telegram/messenger/ApplicationLoader.java
@ -25,7 +25,6 @@ import android.net.NetworkInfo;
 import android.os.Build;
 import android.os.Handler;
 import android.os.PowerManager;
-import android.os.Process;
 import android.os.SystemClock;
 import android.telephony.TelephonyManager;
 import android.util.Log;
@ -39,14 +38,11 @@ import org.telegram.ui.ActionBar.Theme;
 import org.telegram.ui.Components.ForegroundDetector;

 import java.io.File;
-import java.io.InputStream;
 import java.lang.reflect.Method;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.Set;

-import cn.hutool.core.codec.Base64;
-import cn.hutool.core.io.IoUtil;
 import tw.nekomimi.nekogram.ExternalGcm;
 import tw.nekomimi.nekogram.NekoConfig;
 import tw.nekomimi.nekogram.NekoXConfig;
@ -359,33 +355,7 @@ public class ApplicationLoader extends Application {
            NekoConfig.preferences.contains("qwq");
            NekoXConfig.preferences.contains("qwq");

-            Runnable fuckMT = () -> {
-                Thread.setDefaultUncaughtExceptionHandler(null);
-                Thread.currentThread().setUncaughtExceptionHandler(null);
-
-                if (SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
-                    try {
-                        Process.killProcess(Process.myPid());
-                    } catch (Exception e) {
-                    }
-                }
-                Runtime.getRuntime().exit(0);
-            };
-
-            try {
-                Class.forName(Base64.decodeStr("YmluLm10LmFwa3NpZ25hdHVyZWtpbGxlcnBsdXMuSG9va0FwcGxpY2F0aW9u"));
-                AndroidUtilities.runOnUIThread(fuckMT);
-            } catch (ClassNotFoundException ignored) {
-            }
-
-            if (!SignturesKt.isVerified(this)) {
-                InputStream certPointSF = getClass().getResourceAsStream(Base64.decodeStr("TUVUQS1JTkYvQ0VSVC5TRg=="));
-                if (certPointSF == null) {
-                    AndroidUtilities.runOnUIThread(fuckMT);
-                }
-                IoUtil.close(certPointSF);
-            }
-
+            SignturesKt.checkMT(this);
        });

        try {
--- a/TMessagesProj/src/main/java/tw/nekomimi/nekogram/parts/Signtures.kt
+++ b/TMessagesProj/src/main/java/tw/nekomimi/nekogram/parts/Signtures.kt
@ -1,35 +1,38 @@
+/***
+ * If you modify and release but do not release the source code, you violate the GPL, so this is made.
+ *
+ * @author nekohasekai
+ */
 package tw.nekomimi.nekogram.parts

 import android.content.Context
-import android.content.pm.PackageManager
 import android.content.pm.PackageManager.GET_SIGNATURES
 import android.content.pm.PackageManager.GET_SIGNING_CERTIFICATES
+import android.content.pm.Signature
 import android.os.Build
+import android.os.Process
 import cn.hutool.crypto.digest.DigestUtil
+import org.telegram.messenger.AndroidUtilities
 import org.telegram.messenger.FileLog

-val fdroidKeys = arrayOf(
-    "06665358EFD8BA05BE236A47A12CB0958D7D75DD939D77C2B31F5398537EBDC5",
-    "AF1A476E2D85FA33C55E44FC51D9CE93223A94F5D089F47F8CE06372E597041D",
-    "B7FAA8C354DE84E8446C52DDD9C985C117599899D5A7845ADDC72B9556CCFD55"
+val devKeys = arrayOf(
+    "32250A4B5F3A6733DF57A3B9EC16C38D2C7FC5F2F693A9636F8F7B3BE3549641"
 )

-const val devKey = "32250A4B5F3A6733DF57A3B9EC16C38D2C7FC5F2F693A9636F8F7B3BE3549641"
-
-@Throws(PackageManager.NameNotFoundException::class)
-fun Context.getSha256Signature(packageName: String): String {
+fun Context.getSignature(): Signature {
    val appInfo = packageManager.getPackageInfo(
        packageName,
        if (Build.VERSION.SDK_INT >= 28) GET_SIGNING_CERTIFICATES else GET_SIGNATURES
    )
+    return if (Build.VERSION.SDK_INT >= 28) {
+        appInfo.signingInfo.apkContentsSigners[0]
+    } else {
+        appInfo.signatures[0]
+    }
+}

-    return DigestUtil.sha256Hex(
-        if (Build.VERSION.SDK_INT >= 28) {
-            appInfo.signingInfo.apkContentsSigners[0].toByteArray()
-        } else {
-            appInfo.signatures[0].toByteArray()
-        }
-    ).uppercase()
+fun Context.getSha256Signature(): String {
+    return DigestUtil.sha256Hex(getSignature().toByteArray()).uppercase()
 }

 fun Context.isVerified(): Boolean {
@ -38,12 +41,50 @@ fun Context.isVerified(): Boolean {
        FileLog.w("packageName changed, don't check signature")
        return true
    }
-    when (val s = getSha256Signature(packageName)) {
-        devKey,
-        in fdroidKeys -> return true
+    when (val s = getSha256Signature()) {
+        in devKeys,
+        -> return true
        else -> {
            FileLog.w("Unknown signature: $s")
        }
    }
    return false
+}
+
+fun Context.checkMT() {
+    val fuckMT = Runnable {
+        Thread.setDefaultUncaughtExceptionHandler(null)
+        Thread.currentThread().uncaughtExceptionHandler = null
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
+            try {
+                Process.killProcess(Process.myPid())
+            } catch (e: Exception) {
+            }
+        }
+        Runtime.getRuntime().exit(0)
+    }
+
+    try {
+        Class.forName("bin.mt.apksignaturekillerplus.HookApplication")
+        AndroidUtilities.runOnUIThread(fuckMT)
+        return
+    } catch (ignored: ClassNotFoundException) {
+    }
+
+    if (isVerified()) return
+
+    val manifestMF = javaClass.getResourceAsStream("/META-INF/MANIFEST.MF")
+    if (manifestMF == null) {
+        FileLog.w("/META-INF/MANIFEST.MF not found")
+        return
+    }
+
+    val input = manifestMF.bufferedReader()
+    val headers = input.use { (0 until 5).map { readLine() } }.joinToString("\n")
+
+    // WTF version?
+    if (headers.contains("Android Gradle 3.5.0")) {
+        AndroidUtilities.runOnUIThread(fuckMT)
+    }
+
 }