Android :: CRC32 Checksum Use In Order To Secure LVL Applications
Sep 28, 2010
Following the examples given by Johns Trevor in order to secure Android LVL applications (http://android-developers.blogspot.com/2010/09/securing-android-lvl-applications.html), I've been stuck on one particular issue. Here is the matter: "The most obvious mechanism is to use a lightweight hash function, such as CRC32, and build a hash of your application's code. You can then compare this checksum with a known good value. You can find the path of your application's files by calling context.GetApplicationInfo() - just be sure not to compute a checksum of the file that contains your checksum! (Consider storing this information on a third-party server.)"
However, I can't find what I must use in my code to detect an "unwanted" modification inside it.
java.util.zip.CRC32 crc32 = new java.util.zip.CRC32();
crc32.update(whatPutInHere);
I've tried many methods related to context.GetApplicationInfo(), but none seems to deliver something that changes as soon as the code is modified. Has anyone already succeeded with a CRC32 checksum implementation?
View 12 Replies
Nov 25, 2010
OK maybe I'm being paranoid and behind the rest of the world who has already done this: I'm afraid of adding my credit card to my Google Checkout account! My main concern being a super intelligent user of my Android phone who will buy a million apps (potentially!) - my 5 year old son
I used to have a credit card on my account - but that's expired
Knowing that the card had expired, I thought I would test out the buying of an app
I was surprised that it only took a few pages of my clicking yes to buy the app
(The purchase didn't go through - I got an email saying this because my credit card couldn't be charged)
Question: is there a secure pass code system to buy applications?
Like needing to input a code at the last step of buying
(I think this is how iPhone works - I say this not having owned one)
I don't think there is a secure pass system - I've played around with my phone loads and have never come across anything. BUT, EVEN if there was such a pass system: there's still something wrong!
I've bought my phone. Not made any changes. Just started using. I would imagine that's what everyone does - as opposed to buying and then customising and making secure (and maybe optimizing the use of energy so that it doesn't die within a few hours of use)
Buying an application: you can cancel within 24 hours (I think that's the time limit) Over the weekend, I let go of business life and only pick up on Monday - so if my son purchased and installed an application on Friday evening, I wouldn't find out until some time later - because I don't look at my phone OR my emails over the weekend! (+ Say if an application was purchased that I then managed to cancel - I then lose the right to buy again and trial with the right to cancel - a small point, but valid regardless I think)
Would be interested to hear what others say - maybe I'm missing something and maybe I'm using incorrectly.
View 24 Replies
Sep 19, 2010
Would appreciate some comments on whether our Google Checkout is vulnerable when downloading and using apps that request your gmail authentication details e.g.
RSS readers that use your Google Reader
SMS backup apps that back up to your Gmail account
Picasa photo related software that needs access to your gmail
I was thinking over this weekend that it seems to me that if we supply these apps with our gmail credentials they potentially have the ability to also hack our Google Checkout which doesn't have any secondary level of security other than our Gmail account username/password!
View 6 Replies
Jul 14, 2010
Is there a way to re-arrange the applications list in grid view in alphabetical order?
If I switch to "list view", they are in alphabetical order, but in grid view, they are not. I could not find a way to do it.
View 2 Replies
Jul 22, 2010
I have tried the default music player that is installed with the Droid-X. I've also bought the bTunes player and installed the MixZing player (free version). What is wrong that, by default, all list the tracks of an album in alphabetical order? At least bTunes will let you optionally sort by original track order (although the way given by bTunes is counter-intuitive and you have to start playing a track before you can sort).
By default, all albums should display in original track order. I suppose that for those who have difficulty reading, perhaps an option to list tracks in alphabetical order might be in order for ADA compliance or something. Otherwise, when I browse one of my albums, I want to see it in the order that the original artist intended.
View 14 Replies
Apr 7, 2010
From the standard home screen on the X10, when you drag your finger across to the left to open the screen to the right of the home page, is there any functionality to change the order and position of apps/widgets I have added.
The reason I ask is because when I add them, they are not aligned to each other and have been positioned pretty haphazardly, plus I'd like to be able to determine myself where each icon is placed.
View 3 Replies
Sep 19, 2010
As an additional anti-pirating strategy, I'd like to compute a checksum on my application at runtime. Since my app communicates with a back-end server, I can send the checksum with each message and the server can deny service to altered apps. Not a complete solution to piracy by any means, but a fairly easy way to raise the bar. Anyone know how an app can get access to its load image at runtime?
View 15 Replies
Nov 1, 2010
A while ago I tried to work out how to checksum a function at runtime. As I remember, I failed due to some missing functionality of the class loader from vanilla Java. Has anyone managed to do this?
View 2 Replies
Mar 5, 2012
How do I check the MD5 checksum before flashing a ROM?
View 2 Replies
Sep 5, 2010
On-Phone ROM Checksum Verifier
Download: MD5-Checksum-v2.2.apk (new version!)
Changes in the 2.2 version include:
1. Larger rows and font for easier/better file-selection
2. Sorted list of files displayed in file-selector
3. Retain directory between each file-selection
4. Verify read-access of selected file to prevent force-close
5. Test file's suffix to warn if non jar-type file is selected for jar-verification
6. Add menu support (help, change log, acknowledgements)
Download: MD5-Checksum-v2.1.apk
This version is detailed in a post over at XDA (xda-developers - View Single Post - [Begging] Devs - please publish your MD5's) but its highlights are as follows:
- Still includes all of the functionality of the previous versions
- Now includes two jar file verification functions. They both basically do the same thing: radio button JV1 selects an explicit jar verification (read jar, calculate SHA1 digest, compare to manifest); radio button JV2 just uses the implicit JarFile Java method of jar verification and is much faster since it's not doing a second, separate validation (23 seconds for method JV2 on a 100MB ROM vs. 2.5 minutes for method JV1, all on my Droid X).
- Now has a file-selector instead of requiring manual filename text input (you can still do this too)
Download: MD5 Checksum v1.1.apk (free!)
Download: checksumdb.txt (save to either /sdcard/download or /sdcard)
[Code]
View 16 Replies
Jul 4, 2010
I have currently been testing the method of rooting leaked 2.1 phones. There was a little discussion running in that thread (and other threads, I've found) that poses the question whether or not the RUU is the same as 2.1 Leak v3. The RUU I'm using is referenced here: [ROM] Official HTC Desire RUU ROMS and OTA Update URLs - xda-developers - which can be found here:
http://shipped-roms.com/shipped/Desire/RUU_Desire_C_Verizon_WWE_2.36.605.1_release_signed_with_driver.exe
Leak 2.1 v3 I'm using is referenced here: HTC DROID Eris OS 2.1v3 download -- which can be found here: PB00IMG.zip. So, the process that I've been using to root these phones involves flashing the RUU OTA onto the phone. With some help from user bftb0, I have taken the time to do the analysis. How did I get system.img and boot.img off of the RUU OTA, you might ask? Well, after I flashed the RUU OTA onto the phone, I went through the Incredible/Slide root method to root the phone I'm working with (without changing any phone settings within Sense).
After getting adb to recognize the device in recovery, I took the steps necessary to flash Amon_RA's recovery. I then took a Nandroid backup of my phone and extracted the system.img and boot.img files off of the SD card where the Nandroid backup was stored. Then, I used unyaffs to unpack system.img into 2 separate directories, and used split_bootimg.pl to unpack boot.img. So, for split_bootimg.pl I did this, starting at the directory where each respective boot.img file is:
[Code]
View 5 Replies
May 14, 2010
I just spent half an hour going through each file in the OTA upgrade ZIP and comparing its CRC (checksum) to the same exact file in the "leak v3" PB00IMG.ZIP, including all of the files inside system.img. Process: First off, just by opening the two ZIP files with 7-Zip I can see that the boot.img, radio.img, and recovery.img are identical. In both ZIPs, their CRCs are EA7388FA, 54C41EEC, and 3F0153F1 respectively.
Since the OTA breaks down system.img into just the files that need updating (for the purpose of keeping the file size as low as possible), the only way to compare the files with system.img in "leak v3" was to use the root ROM created from "leak v3". (Thank goodness there's an unadulterated ROM of it, so the original CRCs are intact!) One by one, I compared the CRCs of the files in the OTA's system folder with the same files in the "leak v3" system folder. Findings: The files that are in the OTA are completely identical to the ones in the leak v3 system.img, with only one exception: The OTA contains an additional app called UpgradeSetup.apk. Obviously, it's only necessary for executing the upgrade..............
View 49 Replies
May 2, 2010
Using Rom Manager, Clockwork recovery, on any ROM, currently Pete's V1. I have yet to successfully restore a previously backed up ROM without getting the MD5 checksum error. I've tried both from inside Rom Manager, manage backups, and booting into recovery and hitting the backup directory. File names are left at default, as 2010-05-02-02.42.46. Frustrating as I wind up having to start from scratch if a ROM install fails.
View 11 Replies
Dec 5, 2013
I have an iBall Andi 3n here. It runs on the MediaTek MT6575 SoC. I'm getting this error while flashing the stock ROM.
View 1 Replies
Apr 12, 2010
Anyone know an easy way to check the MD5 checksum on a file downloaded with Windows (XP)?
View 3 Replies
Aug 5, 2010
I've found very interesting stuff on the internet. According to the site, Wave Secure contained a very major security leak for some months which has been exploited. It allowed hackers to get the users' PIN to log in to the web central of Wave Secure, which then gave them access to the private data of the users, let them track the phone, ... Wave Secure still gave no comment about this. I found the blog at Wave Secure Security Vulnerability Report. Hope it will be fixed soon.
View 1 Replies
Jan 16, 2010
Are there some smarties here that can confirm that PDAnet is safe / secure and doesn't have spyware / adware type capabilities? The reason I ask is because I'll be using it to tether to my laptop. When installing on the laptop, certificate warnings pop up. The same happens when installing on the Droid (a USB debugging warning comes up saying it has to be turned off), which basically means data can be transferred wherever.
View 2 Replies
Jul 27, 2010
I want to store some small but critical pieces of information, such as AES keys, in my Android application. What would be the recommended way to do this? I do not want to hardcode keys as part of my application. I looked at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password, which is the same as my original problem. Is there a built-in Android class to perform this task? Or should I look for third-party libraries? Using the NDK is also acceptable for me.
View 1 Replies
Feb 12, 2010
I have a pretty basic helper class that I'm using to do all my Http Get/Post stuff. I'm using HttpGet, HttpPost, and HttpClient from the org.apache.http library. All of my stuff works fine over HTTP, but as soon as I tried to consume a service that works over HTTPS, I get a ClientProtocolException when executing the request. The only message in the exception is "The server failed to respond with a valid HTTP response".
To test, I sent the exact same payload from a browser using a simple html form and Fiddler2 using the RequestBuilder. I've sent invalid and empty payloads and even sent all of the above with and without headers to see if there was something funky about the way the objects were building the request.
Everything I've used in testing gives me a valid 200 status HTTP response. The service just gives me a structure describing the error if I give it something other than what it expects.
Is there something special I need to add to the HttpPost or HttpClient object(s) to tell it to use HTTPS? Do I have to explicitly tell it to use a different port?
I indeed registered the wrong socket factory for https communication. Here is the updated method that I use to create my HttpClient object with the correct socket factory just in case someone searches this kind of problem in the future:
CODE:............................
View 3 Replies
Mar 5, 2010
Many of my users have requested a password protection for various data elements in my database. Unfortunately, one of my existing features is backing up the database to a public location (SD Card) for data redundancy, so my database isn't secure.
So my question is two-fold.
How can I encrypt or secure a database on android?
How can I store user created passwords on the device in a secure, inaccessible way.
View 2 Replies
May 31, 2010
Does it count as antivirus? I've been browsing some threads and people say antivirus apps are causing texting to force close and randomly delete all messages. I keep having this problem and was wondering if uninstalling Wave secure would help
View 4 Replies
May 26, 2010
I find that the tracking on Wave Secure isn't really that efficient, especially since it's now an app with a monthly subscription. The main reason is that the GPS tracking on it is really pretty poor in accuracy, and this is the main thing I use it for. So are there any alternatives with more accurate tracking? (I mean, Google Maps gives it more accurately than WS.)
View 4 Replies
Jul 29, 2010
For the details read here. All those that thought they would have free usage of Wave Secure, think again. McAfee - about - McAfee to Acquire Wave Secure
View 37 Replies
Dec 22, 2009
I was wondering what people thought about each one, or which one is better and more accurate? I currently have the Sprint HTC Hero and am running Mobile Defense (MD), but I'm not sure if I want to try Wave Secure or stay with Mobile Defense.
View 2 Replies
Nov 24, 2010
I am developing an Android frontend to a web application using its API. This Android application will expose some extra features if the user is a 'pro'. Therefore I need the Android app to acquire the information whether an account is pro. That is done while getting the token. In other words, when the Android application requests a token to the web application via the API, the web application provides also a flag representing whether the user is a pro.
When the Android app gets that piece of information, it stores it in the SharedPreferences, like this: this.sharedPreferencesEditor.putBoolean(Account.PRO_ACCOUNT, isPro).commit();
Then the Android app reads that value to decide whether a certain feature is available to that user. Now, my question is: is that approach easily hackable? I mean, can some clever user work around this system and get pro features even if they are not pro users? How could they do that?
View 1 Replies
Mar 23, 2010
I've only distributed a few apps by sending .apk files around. I was wondering how Android Market prevents users from distributing a paid application to other people.
View 2 Replies
Feb 7, 2009
I'm implementing a feature that requires a password, is it safe to store using SharedPreferences.Editor? Is there another recommended way for storing passwords?
View 8 Replies
Sep 2, 2012
App that tunnels my text and WhatsApp messages to another Android device.
Like this scenario:
3G --> message (WhatsApp or text) --> Android device 1 (proxy) --> encrypted --> WiFi (internet) --> Android device 2
This way I can send and receive messages through another Android device that acts as a secure message proxy.
View 1 Replies
Apr 16, 2010
Should this app always stay open? Should I exclude it from the list of apps that close when I clear the task manager? I'm guessing it will take up virtually no memory unless someone tampers with the phone?
View 7 Replies
Aug 2, 2010
The title was quite blunt - but I'm writing this to warn others about paying for this product. I'm sure it is an excellent product - if you can get it to work. I made the mistake of paying for a subscription before I tried it. I have never been able to get it working.
I've been in contact with their support department who (very occasionally) reply to my email messages. I have done as they asked, run debug versions and supplied them with log files. They tell me that the problem is at their server end and they are trying to fix it. Since then (weeks ago) I've heard nothing despite repeat attempts to ask them for an update (and my money back). This morning, my phone told me that an update was available. I eagerly downloaded it in case this fixed the problem - it didn't. Just in case anyone from Wave Secure is reading this, please check support tickets IYR-245894 and BQO-385045 and you'll see how lousy you are at supporting a paying customer. So, although this product may be good, please don't buy it unless you are sure it works first. Also, if you have any problems, please don't hold your breath waiting for support from them as it probably won't happen.
View 8 Replies