Before looking at the structure of the V2 signature, let's first understand the structure of a zip (APK) file.
A zip file is divided into three parts: the contents of the zip entries (each entry's local file header followed by its compressed data), the central directory, and the end of central directory record.
You can locate the central directory by the offset and size stored in the end of central directory record, then traverse the central directory entries and, using the local file header offset stored in each entry, find the corresponding compressed data in the data area.
In the detailed explanation of the JAR signature mechanism (one of the APK signature mechanisms) we saw that a JAR signature adds a META-INF directory to the APK, which means modifying both the data area and the central directory; because adding files changes the size and offset of the central directory, the end of central directory record must be modified as well. To provide a stronger integrity guarantee, the V2 scheme instead inserts an APK Signing Block between the data area and the central directory without touching the zip entries themselves, so the original zip (APK) data stays intact. Details are as follows:
The V2 signature block is responsible for protecting the integrity of parts 1, 3 and 4 (the contents of the zip entries, the central directory and the end of central directory record), and the integrity of the signed data block inside the APK Signature Scheme v2 Block contained in part 2 (the APK Signing Block).
The APK Signing Block consists of four parts: a block length, a sequence of ID-value pairs, the block length repeated, and a fixed magic value. The APK Signature Scheme v2 Block is stored in the ID-value pair whose ID is 0x7109871a. When verifying, the system first finds the end of central directory record, reads the start offset of the central directory from it, and checks the magic value immediately before the central directory to decide whether an APK Signing Block may be present. The two block length fields then give the position of the whole APK Signing Block, and finally the APK Signature Scheme v2 Block is located by its ID (0x7109871a).
The APK Signature Scheme v2 Block is a sequence of signers, which means multiple signers can sign the same APK. Each signer contains three parts (signed data, signatures and the signer's public key):
As mentioned above, the V2 signature block protects the integrity of parts 1, 3 and 4 and the integrity of the signed data block inside the APK Signature Scheme v2 Block in part 2. Parts 1, 3 and 4 are protected by the content digest, which is stored in the signed data block, and the signed data block is in turn protected by the signature computed over it. Let's look at how the digest is computed:
The digest over parts 1, 3 and 4 is computed as follows; the construction resembles a two-level Merkle tree:
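As an added example (not code from the original article), here is that two-level digest computation in Python with SHA-256: level one hashes each 1 MB chunk of parts 1, 3 and 4 as 0xa5 || uint32 chunk length || chunk, level two hashes 0x5a || uint32 chunk count || all level-one digests in order. The sample zip is constructed inline with the standard zipfile module and stands in for an unsigned APK; the code assumes the zip has no trailing comment. Note the one subtlety the description above hides: the central directory offset field of the end of central directory record is replaced by the offset of the APK Signing Block before hashing, because inserting the block moves the central directory.

```python
import hashlib
import io
import struct
import zipfile

CHUNK_SIZE = 1024 * 1024          # each protected part is split into 1 MB chunks
EOCD_SIG = b"PK\x05\x06"


def split_zip(apk: bytes):
    """Split an unsigned zip into (contents of entries, central directory, EOCD).

    Assumes no zip comment, so the EOCD record is the last 22 bytes of the file.
    """
    eocd_off = apk.rfind(EOCD_SIG)
    if eocd_off < 0 or len(apk) - eocd_off != 22:
        raise ValueError("EOCD record not found or zip comment present")
    eocd = apk[eocd_off:]
    cd_size, cd_off = struct.unpack_from("<II", eocd, 12)
    if cd_off + cd_size != eocd_off:
        raise ValueError("central directory does not end at the EOCD record")
    return apk[:cd_off], apk[cd_off:eocd_off], eocd


def chunk_digests(part: bytes):
    """Level 1: SHA-256(0xa5 || uint32 LE chunk length || chunk) for each 1 MB chunk."""
    return [
        hashlib.sha256(b"\xa5" + struct.pack("<I", len(c)) + c).digest()
        for c in (part[i:i + CHUNK_SIZE] for i in range(0, len(part), CHUNK_SIZE))
    ]


def v2_content_digest(entries: bytes, central_dir: bytes, eocd: bytes, sig_block_offset: int) -> bytes:
    """Level 2: SHA-256(0x5a || uint32 LE chunk count || concatenated level-1 digests)."""
    # Before hashing, the EOCD field "offset of start of central directory"
    # (bytes 16..20) is replaced by the offset of the APK Signing Block, so that
    # inserting or resizing the block, which moves the central directory, does
    # not change the digest. For an unsigned zip both offsets are the same.
    eocd = eocd[:16] + struct.pack("<I", sig_block_offset) + eocd[20:]
    level1 = []
    for part in (entries, central_dir, eocd):       # parts 1, 3 and 4, in this order
        level1.extend(chunk_digests(part))
    return hashlib.sha256(b"\x5a" + struct.pack("<I", len(level1)) + b"".join(level1)).digest()


def digest_of_unsigned(apk: bytes) -> bytes:
    """Digest of an unsigned zip; the signing block will be inserted where the entries end."""
    entries, central_dir, eocd = split_zip(apk)
    return v2_content_digest(entries, central_dir, eocd, len(entries))


def build_sample_zip() -> bytes:
    """Constructed sample input: a two-entry zip standing in for an unsigned APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_zip()
    print("content digest:", digest_of_unsigned(apk).hex())
    # Flipping one byte inside part 1 changes a level-1 chunk digest and therefore the top-level one.
    tampered = apk[:55] + bytes([apk[55] ^ 0x01]) + apk[56:]
    print("digest changed after tampering:", digest_of_unsigned(tampered) != digest_of_unsigned(apk))
```

Because every chunk is prefixed with its own length and the top level with the chunk count, an attacker cannot move bytes between chunks or append chunks without changing the final digest; a real verifier additionally streams the file instead of holding each part in memory.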
Because the V2 signature mechanism was introduced in Android 7.0, an APK that must also install on versions below Android 7.0 has to be signed with a JAR signature first and then with the V2 scheme. The order must be JAR signature first and V2 signature second, because JAR signing modifies the zip data area and the central directory; signing with V2 first and then adding a JAR signature would break the integrity check of the V2 signature.
In practice we don't need to handle this ourselves when building an APK: starting with Android Gradle plugin 2.2, Gradle signs the APK with both the JAR signature and the V2 scheme by default. If you want to turn off the JAR signature or the V2 signature, you can do so in build.gradle:
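As an added example (not from the original article), the two flags live in the signingConfig of the Android Gradle plugin; the keystore values below are placeholders. Disabling v1SigningEnabled leaves the APK uninstallable on devices below Android 7.0, which only understand the JAR signature, so check the minimum supported version before turning it off.

```groovy
android {
    signingConfigs {
        release {
            storeFile file("release.keystore")   // placeholder values
            storePassword "store-password"
            keyAlias "release"
            keyPassword "key-password"
            v1SigningEnabled true    // JAR signature; false drops it (breaks installs below Android 7.0)
            v2SigningEnabled true    // APK Signature Scheme v2; false drops it
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
        }
    }
}
```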
On Android 7.0 and above, the APK is first verified with the v2 scheme. On versions below Android 7.0 the v2 signature is ignored and only the v1 signature is verified. The verification process on Android 7.0+ is as follows:
Because an APK with a V2 signature also carries a JAR signature, an attacker could strip the V2 signature from the APK so that the Android system only verifies the JAR signature. To prevent this attack, the V2 scheme stipulates that:
An attacker may also try to delete the stronger signatures from the APK Signature Scheme v2 Block so that the system verifies only a weaker one. To prevent such attacks:
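The following added example (not code from the original article) shows the three-part signer structure described above and the two checks a v2 verifier makes against these stripping attacks, as the v2 scheme specifies them: the ordered list of signature algorithm IDs in the signed data's digests must be identical to the list in signatures, and a v1-only verification must be rejected when the .SF file's main section carries an X-Android-APK-Signed attribute naming scheme 2 while no v2 block is present. The signer bytes are constructed with placeholder digests and signatures (no real keys), and the rule used to pick the "strongest" algorithm (SHA-512 based over SHA-256 based) is this example's own simplification of a verifier's preference order.

```python
import struct

# Signature algorithm IDs defined by APK Signature Scheme v2.
ALG_NAMES = {
    0x0101: "RSASSA-PSS with SHA-256", 0x0102: "RSASSA-PSS with SHA-512",
    0x0103: "RSASSA-PKCS1-v1_5 with SHA-256", 0x0104: "RSASSA-PKCS1-v1_5 with SHA-512",
    0x0201: "ECDSA with SHA-256", 0x0202: "ECDSA with SHA-512",
    0x0301: "DSA with SHA-256",
}
SHA512_ALGS = {0x0102, 0x0104, 0x0202}   # preferred by this example (simplifying assumption)


def _lp(data: bytes) -> bytes:
    """uint32 little-endian length prefix, used for every field inside the v2 block."""
    return struct.pack("<I", len(data)) + data


def _read_lp(buf: bytes, pos: int):
    (n,) = struct.unpack_from("<I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("length-prefixed field overruns its container")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def _read_seq(buf: bytes):
    pos = 0
    while pos < len(buf):
        elem, pos = _read_lp(buf, pos)
        yield elem


def _read_alg_pairs(seq: bytes):
    """Elements of digests/signatures: uint32 algorithm ID || length-prefixed bytes."""
    out = []
    for elem in _read_seq(seq):
        (alg,) = struct.unpack_from("<I", elem, 0)
        data, _ = _read_lp(elem, 4)
        out.append((alg, data))
    return out


def _alg_seq(pairs) -> bytes:
    return _lp(b"".join(_lp(struct.pack("<I", a) + _lp(d)) for a, d in pairs))


def encode_signer(digests, certificates, attributes, signatures, public_key) -> bytes:
    """signer = lp(signed data) || lp(signatures) || lp(public key), signed data = digests, certs, attrs."""
    signed_data = _alg_seq(digests) + _lp(b"".join(_lp(c) for c in certificates)) + _lp(attributes)
    return _lp(signed_data) + _alg_seq(signatures) + _lp(public_key)


def parse_signer(signer: bytes) -> dict:
    signed_data, pos = _read_lp(signer, 0)
    signatures, pos = _read_lp(signer, pos)
    public_key, _ = _read_lp(signer, pos)
    digests, p = _read_lp(signed_data, 0)
    certificates, p = _read_lp(signed_data, p)
    attributes, _ = _read_lp(signed_data, p)
    return {
        "signed_data": signed_data,            # the exact bytes each signature is computed over
        "digests": _read_alg_pairs(digests),
        "certificates": list(_read_seq(certificates)),
        "attributes": attributes,
        "signatures": _read_alg_pairs(signatures),
        "public_key": public_key,
    }


def select_signature(signer: dict):
    """Pick the strongest signature, rejecting signers whose signature list was edited.

    Dropping a signature leaves signed data (and so the remaining signatures) valid;
    the only thing that exposes it is the algorithm ID list inside signed data.
    """
    digest_algs = [a for a, _ in signer["digests"]]
    sig_algs = [a for a, _ in signer["signatures"]]
    if not sig_algs:
        raise ValueError("no signatures")
    if digest_algs != sig_algs:
        raise ValueError("algorithm IDs in digests %s and signatures %s differ"
                         % ([hex(a) for a in digest_algs], [hex(a) for a in sig_algs]))
    best = max(sig_algs, key=lambda a: a in SHA512_ALGS)   # first strongest wins
    return best, dict(signer["signatures"])[best]


def strip_signature(signer_bytes: bytes, alg_id: int) -> bytes:
    """The attack from the text: remove one signature, leave signed data untouched."""
    s = parse_signer(signer_bytes)
    kept = [(a, d) for a, d in s["signatures"] if a != alg_id]
    return encode_signer(s["digests"], s["certificates"], s["attributes"], kept, s["public_key"])


def declared_schemes(sf_main_section: str):
    """Scheme IDs named by X-Android-APK-Signed in a v1 .SF file's main section."""
    for line in sf_main_section.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-android-apk-signed":
            return {int(v) for v in value.split(",") if v.strip().isdigit()}
    return set()


def v1_fallback_allowed(sf_main_section: str, v2_block_present: bool) -> bool:
    """A v1-only verification must fail if the .SF promises a v2 signature that is missing."""
    return v2_block_present or 2 not in declared_schemes(sf_main_section)


def build_sample_signer() -> bytes:
    """Constructed sample signer with placeholder digests/signatures (no real keys)."""
    digests = [(0x0104, b"\x11" * 64), (0x0103, b"\x22" * 32)]
    signatures = [(0x0104, b"sig-sha512-placeholder"), (0x0103, b"sig-sha256-placeholder")]
    return encode_signer(digests, [b"<DER certificate>"], b"", signatures, b"<SubjectPublicKeyInfo>")


if __name__ == "__main__":
    alg, _ = select_signature(parse_signer(build_sample_signer()))
    print("verifier picks:", ALG_NAMES[alg])
    try:
        select_signature(parse_signer(strip_signature(build_sample_signer(), 0x0104)))
    except ValueError as e:
        print("stripped signer rejected:", e)
    sf = "Signature-Version: 1.0\r\nX-Android-APK-Signed: 2\r\n"
    print("v1-only verification allowed without v2 block:", v1_fallback_allowed(sf, False))
```

The cryptographic step itself (verifying the chosen signature over signed_data with the public key, then recomputing the content digest for that algorithm) sits between the two checks shown here and is omitted because it needs real keys.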
From the detailed explanation of the JAR signature mechanism (one of the APK signature mechanisms) and the analysis in this article, we know that:
Disadvantages of JAR signature
Advantages of V2 signature
Now we can answer the questions raised in the preface to Basic Concepts and Usage of APK Signatures:
To guarantee the integrity and authenticity of an APK, APK signing comes in two schemes: the JAR signature and the V2 signature. The core idea is to compute a hash of the APK content and sign that hash with a signature algorithm. During verification, the verifier uses the signer's public key to check the signature against the hash it computes over the APK content itself; if they match, verification passes.
Signing certificate fingerprint. When applying for a third-party SDK, you fill in the APK package name and the signing certificate fingerprint, and the SDK provider generates a key from these two values on its backend. When the third-party SDK is initialized, it obtains the current APK's package name and signing certificate fingerprint from the system, uploads them together with the SDK key to its server, and the server checks whether that package name and certificate fingerprint are bound to the key before authorizing it.
Before the V2 scheme appeared, there were three quick multi-channel packaging schemes:
After the V2 scheme appeared, the integrity of the data area, the central directory and the end of central directory record are all guaranteed at once, so neither scheme 2 nor scheme 3 is applicable any more. Is quick multi-channel packaging still possible? Of course it is. We can start from the APK Signing Block. Let's look back at its structure:
There is an ID-value sequence in the APK Signing Block, and the signature information (the APK Signature Scheme v2 Block) is stored only in the ID-value pair with ID 0x7109871a. By analyzing the signature verification source code, we find that the other ID-value pairs are not parsed; that is, apart from the APK Signature Scheme v2 Block, other ID-value pairs do not affect signature verification. We can therefore define a new ID and write the channel information into the APK Signing Block. Because the v2 scheme only guarantees the integrity of parts 1, 3 and 4 and of the signed data block inside the APK Signature Scheme v2 Block in part 2 (the APK Signing Block), the newly written ID-value pair is not protected, which is exactly what makes the scheme feasible. The flip side is that the channel value itself is not authenticated: anyone can edit or replace it without invalidating the signature, so it must not be trusted for anything security-relevant. Walle, Meituan's new-generation channel package generation tool, is implemented using exactly this scheme.
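As an added example (not code from the original article or from Walle), the Python below does both halves of what this section and the earlier description of the APK Signing Block layout cover: it locates the block the way a verifier does (end of central directory record, central directory offset, magic, the two size fields), walks the ID-value pairs, and then adds a channel pair without disturbing the zip or the existing pairs. The zip is constructed inline and assumed to have no trailing comment; the bytes stored under 0x7109871a are a placeholder standing in for a real v2 block, and the channel ID 0x71777777 is simply this example's choice.

```python
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
V2_BLOCK_ID = 0x7109871A        # APK Signature Scheme v2 Block
CHANNEL_ID = 0x71777777         # ID chosen for this example's channel pair (assumption)
EOCD_SIG = b"PK\x05\x06"


def _eocd_offset(apk: bytes) -> int:
    off = apk.rfind(EOCD_SIG)
    if off < 0 or len(apk) - off != 22:          # assumes no zip comment
        raise ValueError("EOCD record not found")
    return off


def find_signing_block(apk: bytes):
    """Locate the APK Signing Block from the EOCD record, as a verifier does.

    Returns (start, end), where end is the central directory offset, or None
    when the 16-byte magic is not immediately before the central directory.
    """
    cd_off = struct.unpack_from("<I", apk, _eocd_offset(apk) + 16)[0]
    if cd_off < 32 or apk[cd_off - 16:cd_off] != APK_SIG_BLOCK_MAGIC:
        return None
    # The trailing uint64 "size of block" precedes the magic and covers everything
    # after the leading size field, so the block starts at cd_off - size - 8.
    size = struct.unpack_from("<Q", apk, cd_off - 24)[0]
    start = cd_off - size - 8
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("size fields of the APK Signing Block disagree")
    return start, cd_off


def parse_id_values(apk: bytes, start: int, end: int) -> dict:
    """Walk the uint64-length-prefixed (uint32 ID, value) pairs between the size fields."""
    pairs, pos, last = {}, start + 8, end - 24
    while pos < last:
        pair_len, pair_id = struct.unpack_from("<QI", apk, pos)
        pairs[pair_id] = apk[pos + 12:pos + 8 + pair_len]   # pair_len counts the 4-byte ID
        pos += 8 + pair_len
    if pos != last:
        raise ValueError("ID-value pairs overrun the block")
    return pairs


def build_signing_block(pairs: dict) -> bytes:
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs.items())
    size = len(body) + 8 + 16                      # pairs + trailing size field + magic
    return struct.pack("<Q", size) + body + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC


def write_id_value(apk: bytes, pair_id: int, value: bytes) -> bytes:
    """Add (or replace) one ID-value pair, keeping every other pair and the zip intact."""
    eocd_off = _eocd_offset(apk)
    cd_off = struct.unpack_from("<I", apk, eocd_off + 16)[0]
    block = find_signing_block(apk)
    if block is None:
        entries_end, pairs = cd_off, {}
    else:
        entries_end, pairs = block[0], parse_id_values(apk, *block)
    pairs[pair_id] = value
    new_block = build_signing_block(pairs)
    eocd = bytearray(apk[eocd_off:])
    # The central directory moves, so re-point the EOCD at it. The v2 digest replaces
    # this field with the block's own offset (entries_end), which has not moved, so an
    # existing v2 signature stays valid even though the block grew.
    struct.pack_into("<I", eocd, 16, entries_end + len(new_block))
    return apk[:entries_end] + new_block + apk[cd_off:eocd_off] + bytes(eocd)


def read_id_value(apk: bytes, pair_id: int):
    block = find_signing_block(apk)
    return None if block is None else parse_id_values(apk, *block).get(pair_id)


def zip_entry_names(apk: bytes):
    """Sanity check that the rewritten file is still a readable zip."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return zf.namelist()


def build_sample_zip() -> bytes:
    """Constructed sample: a small zip standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_zip()
    signed = write_id_value(apk, V2_BLOCK_ID, b"<v2 signer bytes>")   # placeholder, not a real v2 block
    channelled = write_id_value(signed, CHANNEL_ID, b"channel=sample")
    print({hex(k): v for k, v in parse_id_values(channelled, *find_signing_block(channelled)).items()})
    print("channel:", read_id_value(channelled, CHANNEL_ID))
```

Real signing tools may emit ID-value pairs of their own besides 0x7109871a, which is why the writer carries every pair it does not recognize across unchanged; and since nothing signs the channel pair, the app should treat the value it reads back as untrusted input.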
With that, the analysis of the internals of the APK signature mechanism is complete. After reading these three articles you should have a general understanding of the JAR and V2 signature mechanisms; interested readers can study the signing and verification source code for further analysis.