Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Hand-checking the digital signature of Android in-app purchase against the Google public key
//The modulus of the IAP public key, as Base64.
//The public exponent is 65537, we'll hard-code it.
private static final String GMOD = "APXj+9V6Mrp7DwDVLP2yIDhuMiB30R+NQ9JO14jg42S3TcJFhURQZ2RD21GIbp5S7RLy7YDcxOjH765HM7FWUJgJegvL01lYtzFkXv0XRcnL05m5sgTp58i9fYOJt1QKar2k4FI/a6iv7sjT4qGLOcX3drjDx6WKwZdnu6q5rA94rycHoe+BdELsy1eKBp/iI4KIe/Y3WePYfVgynL4mrJOHutf1tvy6WL04zG61yl3PBlwh6uy1K+RBqEXeiznS0ee4Xq3fe3puq6HgEZKw8PQIihxk8odbg1lneqAk51JZ8vuQi9WEZMdvqWK+p4jT+q7mTYQO18NH1MP5y2/fj8k=";
//d is the value of the IAP result intent's string extra "INAPP_PURCHASE_DATA"
//s is the value of the IAP result intent's string extra "INAPP_DATA_SIGNATURE"
private static boolean PowModThenCheck(String d, String c)
byte []h = MessageDigest.getInstance("SHA1").digest(d.getBytes());
byte [] p = new java.math.BigInteger(1, Util.FromBase64(c)) //Substitute your own FromBase64 function
new java.math.BigInteger(Util.FromBase64(GMOD))
if(p.length != 255 || p[0] != 1)
return false;
int i;
if(p[i] != -1)
return false;
final byte []TheOID = new byte[]{0, 0x30, 0x21, 0x30, 9, 6, 5, 0x2B, 0xE, 3, 0x02, 0x1A, 5, 0, 4, 0x14};
if(p[i] != TheOID[i-219])
return false;
if(p[i] != h[i-235])
return false;
return true;
catch(Exception exc)
return false;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment