转载请注明出处
根据已知Google证书的序列号来识别APK使用哪种证书签名的
目前只列出google原生签名,其他私有签名均视为presigned
#!/bin/bash
# Grab cert. info from APKs
# eric, 130628
CER_NAMES=(
# google key serial
google_platform
google_shared
google_media
google_testkey
# google devkeys
google_devkey
google_devkey_media
google_devkey_platform
google_devkey_shared
)
CER_SERIALS=(
# google key serial
B3998086D056CFFA
F2A73396BD38767A
F2B98E6123572C4E
936EACBE07F201DF
# google dev devkeys
BCDFE81405D5C69E
A1573D0F45BEA193
A3823FB27F6289B8
BE56E295629C3E3D
)
if [ -z $1 ]
then
echo "usage: $0 <apks_dir>"
exit 1
fi
echo "certificate, cert_serial, apk" >/dev/stderr
(
find $1 -name *.apk | while read apk
do
# echo "=== $apk ==="
apk_cert=$(unzip -p $apk META-INF/*.RSA |
openssl pkcs7 -inform DER -print_certs |
openssl x509 -noout -serial)
if [ $? != 0 ]
then
echo "*** err: Cannot grab certs of '$apk'"
continue
fi
rsa_ser=${apk_cert#*=}
i=0
cert="presigned"
for v in ${CER_SERIALS[@]}
do
if [ "$v" = "$rsa_ser" ]
then
cert=${CER_NAMES[$i]}
# echo "$i === $cert"
break
fi
i=$((i+1))
done
echo "$cert, $rsa_ser, $apk"
done
) | sort
exit 0