ImaginativeShohag/AppSignatureHelper.java

## AppSignatureHelper.java
package com.google.samples.smartlock.sms_verify;

import android.content.Context;
import android.content.ContextWrapper;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import android.util.Log;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;

/**
 * This is a helper class to generate your message hash to be included in your SMS message.
 *
 * Without the correct hash, your app won't recieve the message callback. This only needs to be
 * generated once per app and stored. Then you can remove this helper class from your code.
 *
 * Source: https://github.com/googlearchive/android-credentials/blob/master/sms-verification/android/app/src/main/java/com/google/samples/smartlock/sms_verify/AppSignatureHelper.java
 */
public class AppSignatureHelper extends ContextWrapper {
    public static final String TAG = AppSignatureHelper.class.getSimpleName();

    private static final String HASH_TYPE = "SHA-256";
    public static final int NUM_HASHED_BYTES = 9;
    public static final int NUM_BASE64_CHAR = 11;

    public AppSignatureHelper(Context context) {
        super(context);
    }

    /**
     * Get all the app signatures for the current package
     * @return
     */
    public ArrayList<String> getAppSignatures() {
        ArrayList<String> appCodes = new ArrayList<>();

        try {
            // Get all package signatures for the current package
            String packageName = getPackageName();
            PackageManager packageManager = getPackageManager();
            Signature[] signatures = packageManager.getPackageInfo(packageName,
                    PackageManager.GET_SIGNATURES).signatures;

            // For each signature create a compatible hash
            for (Signature signature : signatures) {
                String hash = hash(packageName, signature.toCharsString());
                if (hash != null) {
                    appCodes.add(String.format("%s", hash));
                }
            }
        } catch (PackageManager.NameNotFoundException e) {
            Log.e(TAG, "Unable to find package to obtain hash.", e);
        }
        return appCodes;
    }

    private static String hash(String packageName, String signature) {
        String appInfo = packageName + " " + signature;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(HASH_TYPE);
            messageDigest.update(appInfo.getBytes(StandardCharsets.UTF_8));
            byte[] hashSignature = messageDigest.digest();

            // truncated into NUM_HASHED_BYTES
            hashSignature = Arrays.copyOfRange(hashSignature, 0, NUM_HASHED_BYTES);
            // encode into Base64
            String base64Hash = Base64.encodeToString(hashSignature, Base64.NO_PADDING | Base64.NO_WRAP);
            base64Hash = base64Hash.substring(0, NUM_BASE64_CHAR);

            Log.d(TAG, String.format("pkg: %s -- hash: %s", packageName, base64Hash));
            return base64Hash;
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "hash:NoSuchAlgorithm", e);
        }
        return null;
    }
}

## sms_retriever_hash_v9.sh
#!/bin/sh

# ------------------------------------------------------------------
# [Author] Title
#          Description
#
# Source: https://github.com/googlearchive/android-credentials/blob/master/sms-verification/bin/sms_retriever_hash_v9.sh
# ------------------------------------------------------------------

VERSION=0.1.0
SUBJECT=sms-retriever-hash-generator
USAGE="Usage: sms_retriever_hash.sh --package package_name --keystore keystore_file"

# --- Options processing -------------------------------------------
if [ $# == 0 ] ; then
    echo $USAGE
    exit 1;
fi

# USE: apkblacklister.sh --source source.apk --target target.apk more files to scan

if [[ "$1" != "--package" ]]; then
  echo "Error: expected --package as first parameter"
  exit 1
fi
pkg="$2"
shift 2

if [[ "$1" != "--keystore" ]]; then
  echo "Error: expected --keystore as third parameter"
  exit 1
fi
keystore="$2"
shift 2


echo
echo "package name: $pkg"
echo "keystore file: $keystore"
echo

if [ -e "$keystore" ]
then
  echo "File $keystore is found."
  echo
else
  echo "File $keystore is not found."
  echo
  exit 0;
fi

# Retrieve certificate from keystore file. Decoded with Base64 and converted to hex
cert=$(keytool -list -rfc -keystore $keystore | sed  -e '1,/BEGIN/d' | sed -e '/END/,$d' | tr -d ' \n' | base64 --decode | xxd -p | tr -d ' \n')

echo
echo "certificate in hex: $cert"


# concatenate input
input="$pkg $cert"

# 256 bits = 32 bytes = 64 hex chars
output=$(printf "$input" | shasum -a 256 | cut -c1-64)
echo
echo "SHA-256 output in hex: $output"

# take the beginning 72 bits (= 9 bytes = 18 hex chars)
output=$(printf $output | cut -c1-18)

# encode sha256sum output by base64 (11 chars)
base64output=$(printf $output | xxd -r -p | base64 | cut -c1-11)
echo
echo "First 8 bytes encoded by base64: $base64output"
echo
echo "SMS Retriever hash code:  $base64output"
echo
	package com.google.samples.smartlock.sms_verify;

	import android.content.Context;
	import android.content.ContextWrapper;
	import android.content.pm.PackageManager;
	import android.content.pm.Signature;
	import android.util.Base64;
	import android.util.Log;

	import java.nio.charset.StandardCharsets;
	import java.security.MessageDigest;
	import java.security.NoSuchAlgorithmException;
	import java.util.ArrayList;
	import java.util.Arrays;

	/**
	* This is a helper class to generate your message hash to be included in your SMS message.
	*
	* Without the correct hash, your app won't recieve the message callback. This only needs to be
	* generated once per app and stored. Then you can remove this helper class from your code.
	*
	* Source: https://github.com/googlearchive/android-credentials/blob/master/sms-verification/android/app/src/main/java/com/google/samples/smartlock/sms_verify/AppSignatureHelper.java
	*/
	public class AppSignatureHelper extends ContextWrapper {
	public static final String TAG = AppSignatureHelper.class.getSimpleName();

	private static final String HASH_TYPE = "SHA-256";
	public static final int NUM_HASHED_BYTES = 9;
	public static final int NUM_BASE64_CHAR = 11;

	public AppSignatureHelper(Context context) {
	super(context);
	}

	/**
	* Get all the app signatures for the current package
	* @return
	*/
	public ArrayList<String> getAppSignatures() {
	ArrayList<String> appCodes = new ArrayList<>();

	try {
	// Get all package signatures for the current package
	String packageName = getPackageName();
	PackageManager packageManager = getPackageManager();
	Signature[] signatures = packageManager.getPackageInfo(packageName,
	PackageManager.GET_SIGNATURES).signatures;

	// For each signature create a compatible hash
	for (Signature signature : signatures) {
	String hash = hash(packageName, signature.toCharsString());
	if (hash != null) {
	appCodes.add(String.format("%s", hash));
	}
	}
	} catch (PackageManager.NameNotFoundException e) {
	Log.e(TAG, "Unable to find package to obtain hash.", e);
	}
	return appCodes;
	}

	private static String hash(String packageName, String signature) {
	String appInfo = packageName + " " + signature;
	try {
	MessageDigest messageDigest = MessageDigest.getInstance(HASH_TYPE);
	messageDigest.update(appInfo.getBytes(StandardCharsets.UTF_8));
	byte[] hashSignature = messageDigest.digest();

	// truncated into NUM_HASHED_BYTES
	hashSignature = Arrays.copyOfRange(hashSignature, 0, NUM_HASHED_BYTES);
	// encode into Base64
	String base64Hash = Base64.encodeToString(hashSignature, Base64.NO_PADDING \| Base64.NO_WRAP);
	base64Hash = base64Hash.substring(0, NUM_BASE64_CHAR);

	Log.d(TAG, String.format("pkg: %s -- hash: %s", packageName, base64Hash));
	return base64Hash;
	} catch (NoSuchAlgorithmException e) {
	Log.e(TAG, "hash:NoSuchAlgorithm", e);
	}
	return null;
	}
	}
	#!/bin/sh

	# ------------------------------------------------------------------
	# [Author] Title
	# Description
	#
	# Source: https://github.com/googlearchive/android-credentials/blob/master/sms-verification/bin/sms_retriever_hash_v9.sh
	# ------------------------------------------------------------------

	VERSION=0.1.0
	SUBJECT=sms-retriever-hash-generator
	USAGE="Usage: sms_retriever_hash.sh --package package_name --keystore keystore_file"

	# --- Options processing -------------------------------------------
	if [ $# == 0 ] ; then
	echo $USAGE
	exit 1;
	fi

	# USE: apkblacklister.sh --source source.apk --target target.apk more files to scan

	if [[ "$1" != "--package" ]]; then
	echo "Error: expected --package as first parameter"
	exit 1
	fi
	pkg="$2"
	shift 2

	if [[ "$1" != "--keystore" ]]; then
	echo "Error: expected --keystore as third parameter"
	exit 1
	fi
	keystore="$2"
	shift 2



	echo
	echo "package name: $pkg"
	echo "keystore file: $keystore"
	echo

	if [ -e "$keystore" ]
	then
	echo "File $keystore is found."
	echo
	else
	echo "File $keystore is not found."
	echo
	exit 0;
	fi

	# Retrieve certificate from keystore file. Decoded with Base64 and converted to hex
	cert=$(keytool -list -rfc -keystore $keystore \| sed -e '1,/BEGIN/d' \| sed -e '/END/,$d' \| tr -d ' \n' \| base64 --decode \| xxd -p \| tr -d ' \n')

	echo
	echo "certificate in hex: $cert"


	# concatenate input
	input="$pkg $cert"

	# 256 bits = 32 bytes = 64 hex chars
	output=$(printf "$input" \| shasum -a 256 \| cut -c1-64)
	echo
	echo "SHA-256 output in hex: $output"

	# take the beginning 72 bits (= 9 bytes = 18 hex chars)
	output=$(printf $output \| cut -c1-18)

	# encode sha256sum output by base64 (11 chars)
	base64output=$(printf $output \| xxd -r -p \| base64 \| cut -c1-11)
	echo
	echo "First 8 bytes encoded by base64: $base64output"
	echo
	echo "SMS Retriever hash code: $base64output"
	echo