Skip to content

Instantly share code, notes, and snippets.

Avatar

Scott Alexander-Bown scottyab

View GitHub Profile
@scottyab
scottyab / SignatureCheck.java
Last active Oct 7, 2020
Simple Android signature check. Please note: This was created in 2013, not actively maintained and may not be compatible with the latest Android versions. It's not particularly difficult for an attacker to decompile an .apk, find this tamper check, replace the APP_SIGNATURE with theirs and rebuild (or use method hooking to return true from `vali…
View SignatureCheck.java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.Signature;
public class TamperCheck {
//we store the hash of the signture for a little more protection
private static final String APP_SIGNATURE = "1038C0E34658923C4192E61B16846";
@scottyab
scottyab / MyAppFirebaseMessagingService.kt
Last active Aug 17, 2020
Sample of how an app "MyApp" would intergrate and enable Beacon SDK push notifications
View MyAppFirebaseMessagingService.kt
class MyAppFirebaseMessagingService : FirebaseMessagingService() {
override fun onMessageReceived(remoteMessage: RemoteMessage) {
if(remoteMessage.data.isNotEmpty()) {
processNewMessage(remoteMessage.data)
}
}
private fun processNewMessage(remoteMessageData: Map<String, String>) {
if (BeaconPushNotificationsProcessor.isBeaconNotification(remoteMessageData)) {
View SaferWebViewClient.java
/**
* Implements whitelisting on host name
*/
public class SaferWebViewClient extends WebViewClient {
private String[] hostsWhitelist;
public SaferWebViewClient(String hostsWhitelsit){
super();
this.hostsWhitelist = hostsWhitelist;
@scottyab
scottyab / Installer
Created Sep 17, 2014
Tamper checks
View Installer
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
public class InstallerCheck{
private static final String PLAY_STORE_APP_ID = "com.google.android";
public static boolean verifyInstaller(final Context context) {
@scottyab
scottyab / SampleEncPrefs.kt
Created Jul 24, 2019
Simple example of using EncrypredSharedPreferences
View SampleEncPrefs.kt
package com.scottyab.whatsnewplayground.data
import android.content.Context
import android.content.SharedPreferences
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKeys
import com.scottyab.whatsnewplayground.BuildConfig
internal class SampleEncPrefs(context: Context) {
@scottyab
scottyab / Coloring.java
Created Oct 29, 2018 — forked from milosmns/Coloring.java
Android: Coloring (Helper Class)
View Coloring.java
package me.angrybyte.coloringdemo;
import static android.graphics.PorterDuff.Mode.SRC_ATOP;
import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.res.ColorStateList;
import android.graphics.Bitmap;
View convertSvgToPng.sh
#!/usr/bin/env bash
# exit if fails
set -o errexit
set -o pipefail
# reads the first arg as the file - expected list of file names without extension
filename="${1:-}"
# loops through each line
while read -r line
@scottyab
scottyab / SafePendingIntent.java
Created May 14, 2014
Creating an explicit pending intent is safer than implicit
View SafePendingIntent.java
//explicit (to MyService)
Intent intent = new Intent(context, MyService.class);
PendingIntent pi = PendingIntent.getService(getApplicationContext(), 0, intent, PendingIntent.FLAG_UPDATE_CURRENT);
//implicit
Intent intent = new Intent("com.my.app.action")
PendingIntent pi = PendingIntent.getService(getApplicationContext(), 0, intent, PendingIntent.FLAG_UPDATE_CURRENT);
@scottyab
scottyab / add-copyright.py
Last active May 24, 2018 — forked from rodrigosetti/add-copyright.py
Adds Copyright Notice to a bunch of Java and Kotlin files
View add-copyright.py
@scottyab
scottyab / Contract Killer 3.md
Created Nov 24, 2017 — forked from malarkey/Contract Killer 3.md
The latest version of my ‘killer contract’ for web designers and developers
View Contract Killer 3.md

Contract Killer

The popular open-source contract for web professionals by Stuff & Nonsense

  • Originally published: 23rd December 2008
  • Revised date: March 15th 2016
  • Original post

You can’t perform that action at this time.